telacky,

Can you tell me what file determins the flag "+++SPAM+++" ?

I would like to change it. Or should I ?

So far all SPAM that have a flag of Yes has been filtered correctly but still come through and make thunderbird have to do all the work for me. Can I have these emails that fit the Criteria of status = yes and +++SPAM+++

for a tag just go to /dev/null ?

I have two clients telling me that my mail server is deferring mail to them.

I would have to think it is not my server, but I do not let mail servers through

that are not setup correctly until I can determine what they may be doing wrong.

Thank you for your help

Nukemizer

telacky,

Can you tell me what file determins the flag

"+++SPAM+++" ?

I would like to change it. Or should I ?

So far all SPAM that have a flag of Yes has been

filtered correctly but still come through and make

thunderbird have to do all the work for me. Can I

have these emails that fit the Criteria of status =

yes and +++SPAM+++

for a tag just go to /dev/null ?

I have two clients telling me that my mail server is

deferring mail to them.

I would have to think it is not my server, but I do

not let mail servers through

that are not setup correctly until I can determine

what they may be doing wrong.

Thank you for your help

Nukemizer

The file you need to change is amavisd.conf. You should see the SPAM flag for subject appending there.

with some testing, I see Spam that gets tagged by both of the files listed below , but not by both at the same time.

Is there a reason behind what each amavisd.conf looks for ?

/usr/local/etc/conftemplates/amavisd.conf

/usr/local/etc/amavisd.conf

I know there is a risk, but thus far all spam marked as such has been dead on.

Can I send messages that are tagged to dev null and not have them leave the SV box ?

You may want to edit both, if you choose, but /usr/local/etc/amavisd.conf is the only one amavis reads. The other is used by the setup program as a template for writing the config amavis config. The only reason to edit the other one is to change a setting that might otherwise get reset if one re-ran setup.

The typical solution regarding preventing spam from being delivered is also an option is amavisd.conf, and is one of the questions during setup. If you'd like to discard spam, in /usr/local/etc/amavisd.conf, and only that one, as the template handles this when using setup, change:

$final_spam_destiny = D_PASS;

to

$final_spam_destiny = D_DISCARD;

The message will then go to quarantine instead of being delivered. The quarantine starts deleting the oldest messages once it grows past a certain size (also in setup, the default is ~500MB), so you don't have to worry about the quarantine taking over the disk.

The last setting in that file you may be interested in is $sa_quarantine_cutoff_level, which sets a spam score at which even quarantine is not done, and the message is silently discarded. The default is about 30, but to catch a few more, it might be ok to drop it to the 18 to 20 range.

EDIT:

I thought I'd mention, the other way to set the destiny for spam is simply by re-running setup. That is usually a safe thing to do, but it is possible if one has made custom changes to configuration files that will be written by setup, those changes would be lost.

telackey,

Hi, is it possibe to add something to the BADH

mail tat end up in quarentine, right now we see BADH

in quarantine but need to go in the maillog to see

if it was forward to the user or not, maybe if it is

possible to add a flag in the quarentine to let us

know if it was pass or drop.

like BADH-Pass or BADH-Block

Thanks.

I'll think on this some more, but I haven't come up with any way to do this yet. The reason is that the quarantine is handled by amavis, and it would really need done at that level. I would need to examine the amavis source to know for sure if this were possible, but perhaps you might have success asking the amavis mailing list (there is a link at the homepage http://www.ijs.si/software/amavisd/). I developer there may in fact be able to better describe the whole BADH process, which looks to be somewhat complex.

Hi,

I have 2 users that dont see anything in there

quarantine (they can log in to spam viewer), but if

I look with vadmin there is stuff there, I also have

a lot of users that have no problem. Any idea whats

wrong or how can I troubleshoot this?

Thanks.

Message was edited by:

phoenixsecure

Yep, the place where I would start is to check that they have the proper e-mail address(es) applied to their viewer accounts. The way to check is to open "Admin Console->Manage Users" logged into the viewer as vadmin, and then click on the user name. There should be a form field with one e-mail address per line. You'll want to check that the address(es) are there, no typos, etc.

If that doesn't do give a clue, I'd drop down to looking at the DB file (/usr/home/spamviewer/db/spam.db) using the sqlite3 tool. I can help with that if you need it. There is also documentation at http://www.sqlite.org/, and to see the tables themselves using the tool one can use '.tables' to get the list and then '.schema ' to look at the structure of the table.

Q1: most of the Email a SPAM anyway (score not high

enough, but most of them are) can I just config

postfix not to send any notice to sender, just delete

undelieveable Email.

May be. Reporting an error delivering is normally a necessary thing, even if it might not be in this instance, though, so I would be careful. I don't know exactly how to get the desired result for this specific instance, so the best I can do is direct you to the postfix documentation.

With that said, one plan in this situation would be to add the allowed recipients list to postfix as well. All you need to do is create a file in /usr/local/etc/postfix that looks like:

user1@domain1.com OK

user2@domain1.com OK

and so forth, run postmap on the file, and then add a line at the end of /usr/local/etc/postfix/main.cf that looks like:

relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients

After restarting postfix, it will reject recipients not listed.

Q2: how to setup smtp server in postfix to deliever

bounce Email notice? my smtp server need user

name:password

Take a look at the docs here, I think it has just what you need: http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html

Edit:

You may need to rebuild Postfix from ports (/usr/ports/mail/postfix) to enable SASL. This \_should_ be pretty smooth, but I would take a snapshot first. When configuring at the least you want to select BDB, TLS, and SASL support when given the option and to keep PCRE (that is, do not check NOPCRE).

The thing is I import my users from the Microsoft Active Directory, those 2 users can log in spam viewer so it mean that the user name an password is ok. Just the quarentine that is empty, but if I log as vadmin I see stuff in there quarantine.

The thing is I import my users from the Microsoft

Active Directory, those 2 users can log in spam

viewer so it mean that the user name an password is

ok. Just the quarentine that is empty, but if I log

as vadmin I see stuff in there quarantine.

It is still worth checking, because the users, once created, do not have their addresses updated automatically. The reason for that is so that if one adds or removes addresses from a user in the viewer, one doesn't want those changes overwritten automatically later. An example of this is if a user had more addresses listed in their viewer account than they had under Exchange because of email aliases.

As an alternative, you can try deleting those users in the viewer. They will come back on their own the next time /etc/periodic/daily/476.m-spamviewer is run.

The problem could be something else, but I just thought I'd mention that this is still worth checking.

spamviewer problem.

First i am a new user of spamviewer and there is a

very good appliance.

My problem :

i dont know why but from few time the spamviewer

fail.

first files in /var/virusmails/ rigths are -rw-r-----

vscan mail or -rw-r----- vscan vscan

when i try to connect to View all spam as vadmin the

program fail with an permission denied if i do chmod

o+w /var/virusmails/* the problem is solved

Yes, normal permissions are 640 for vscan:mail. When you encounter this problem, could you check and see if there are any messages owned by some other user? Also, I am curious, since I have not seen this problem, did you by chance update amavisd-new or any of the other software?

bud when i try to release a message i have a new

error :

Error releasing message

releaser.cgi is in the good place, and if i try to do

/usr/local/sbin/amavisd-release

/var/virusmails/message_id

he message is correctly released (i am connected as

root)

I just want to confirm. This at one time did work and now does not? I think it may be related to the problem above, but it is hard to be sure without any more info. You might try looking at the web server logs (/var/log/http-*) to see if there is any more about the error that got recorded there.

i only change in config.py

#Mail locations

SPAM_FOLDER="/var/virusmails"

VIRUS_FOLDER="/var/virusmails"

BANNED_FOLDER="/var/virusmails"

BADH_FOLDER="/var/virusmails"

this change is made because before change whent i

click on one mail i have a permission denied for

/var/virusmails//message_id

That change may be OK, but it is actually safer to have the trailing '/'. A '//' is harmless, but if I ever accidently forgot to add a '/' in the viewer code, it would not have one at all.

amavis-stats: error: Could not open rotated logfile.

amavis-stats: error: Tried extentions .0, .1, .01, -20061117, -20061116

jobber:

It looks like it is trying to open the archived maillogs, but the reason it can't is that they are bzipped.

The longer answer is, I don't really know why it is trying to open them in the first place (I am not too familar with the inner working of amavisd-stats). I'll need to take a look. One fix would be to change the log preferences not to use bzip2. Those are set in /etc/newsyslog.conf. If you changed them, you'd need to change pflogstats.cgi too to use 'cat' instead of 'bzcat' on the logs.

yes i have updated lots of parts with a portupgrade. I add a pkg_info

amavisd-new-2.4.3_1,1 Performance-enhanced daemonized version of amavis-perl

apache-2.0.59 Version 2 of Apache web server with prefork MPM.

arc-5.21o_1 Create & extract files from DOS .ARC files

arj-3.10.22 Open-source ARJ

autoconf-2.59_2 Automatically configure source code on many Un*x platforms

bash-2.05b.007_6 The GNU Bourne Again Shell

ca-roots-1.2 A list of SSL CA root certificates

cabextract-1.1_1 A program to extract Microsoft cabinet (.CAB) files

clamav-0.88.5 Command line virus scanner written entirely in C

curl-7.15.5_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)

cvsup-without-gui-16.1h_2 General network file distribution system optimized for CVS

db41-4.1.25_3 The Berkeley DB package, revision 4.1

expat-2.0.0_1 XML 1.0 parser written in C

ezm3-1.2_1 Easier, more portable Modula-3 distribution for building CV

fetchmail-6.3.4_3 Batch mail retrieval utility for IMAP/POP2/POP3/ETRN/ODMR

freeze-2.5_2 Compression program - often used in QNX

gettext-0.14.5_2 GNU gettext package

gmake-3.81_1 GNU version of 'make' utility

gnu-autoconf-2.59 Automatically configure source code on many Un*x platforms

gnu-automake-1.9.6 GNU Standards-compliant Makefile generator (GNU unmodified)

gnu-libtool-1.5.20 Generic shared library support script (GNU unmodified)

gnupg-1.4.5_1 The GNU Privacy Guard

help2man-1.36.4_1 Automatically generating simple manual pages from program o

lha-1.14i_6 Archive files using LZSS and Huffman compression (.lzh file

libgmp-4.2.1_1 A free library for arbitrary precision arithmetic

libiconv-1.9.2_2 A character set conversion library

libtool-1.5.22_2 Generic shared library support script

libunrar-3.6.8,1 Library to work with RAR archivies

lsof-4.77 Lists information about open files (similar to fstat(1))

lzo2-2.02_1 Portable speedy, lossless data compression library

lzop-1.02.r1 Fast file compressor similar to gzip, using the LZO library

m4-1.4.4 GNU m4

mod_python-3.2.10 Apache module that embeds the Python interpreter within the

openldap-client-2.2.30 Open source LDAP client implementation

p5-Algorithm-Diff-1.1902 Perl interface to compute differences between two objects

p5-Archive-Tar-1.30 Perl module for creation and manipulation of tar files

p5-Archive-Zip-1.18 Perl module to create, manipulate, read, and write Zip arch

p5-Authen-PAM-0.16_1 A Perl interface to the PAM library

p5-Authen-SASL-2.10_1 Perl5 module for SASL authentication

p5-BerkeleyDB-0.30 Perl5 interface to the Berkeley DB package

p5-Compress-Zlib-1.42 Perl5 interface to zlib compression library

p5-Convert-ASN1-0.20 Perl5 module to encode and decode ASN.1 data structures

p5-Convert-BinHex-1.119 Perl module to extract data from Macintosh BinHex files

p5-Convert-TNEF-0.17 Perl module to read TNEF files

p5-Convert-UUlib-1.06,1 Perl5 interface to the uulib library (a.k.a. uudeview/uuenv

p5-Crypt-OpenSSL-Bignum-0.03 OpenSSL's multiprecision integer arithmetic

p5-Crypt-OpenSSL-RSA-0.23_1 Perl5 module to RSA encode and decode strings using OpenSSL

p5-Crypt-OpenSSL-Random-0.03 Perl5 interface to the OpenSSL pseudo-random number generat

p5-Date-Manip-5.44 Perl5 module containing date manipulation routines

p5-Digest-1.15 Modules that calculate message digests

p5-Digest-HMAC-1.01 Perl5 interface to HMAC Message-Digest Algorithms

p5-Digest-MD5-2.36 Perl5 interface to the MD5 algorithm

p5-Digest-SHA1-2.11 Perl interface to the SHA-1 Algorithm

p5-Email-Address-1.87.1 RFC 2822 Address Parsing and Creation

p5-File-Temp-0.17_1 Perl5 module to generate temporary files or directories saf

p5-File-Which-0.05 Portable implementation of `which' in Perl

p5-GSSAPI-0.23 Perl extension providing access to the GSSAPIv2 library

p5-Geography-Countries-1.4 Handle ISO-3166 country codes

p5-HTML-Parser-3.55 Perl5 module for parsing HTML documents

p5-HTML-Tagset-3.10 Some useful data table in parsing HTML

p5-IO-Multiplex-1.08 IO::Multiplex - Manage IO on many file handles

p5-IO-Socket-INET6-2.51_1 Perl module with object interface to AF_INET6 domain socket

p5-IO-Socket-SSL-1.01 Perl5 interface to SSL sockets

p5-IO-String-1.08 Simplified Perl5 module to handle I/O on in-core strings

p5-IO-Zlib-1.04_1 IO:: style interface to Compress::Zlib

p5-IO-stringy-2.110 Perl5 module for using IO handles with non-file objects

p5-IP-Country-2.21 Fast lookup of country codes from IP addresses

p5-MIME-Base64-3.07 Perl5 module for Base64 and Quoted-Printable encodings

p5-MIME-Tools-5.420,2 A set of perl5 modules for MIME

p5-Mail-DomainKeys-0.88 Perl implementation of DomainKeys

p5-Mail-SPF-Query-1.999.1 Query Sender Permitted From for an IP,email,helo

p5-Mail-SpamAssassin-3.1.6 A highly efficient mail filter for identifying spam

p5-Mail-Tools-1.74 Perl5 modules for dealing with Internet e-mail messages

p5-Math-BigInt-1.77 Math::BigInt - Arbitrary size integer math package

p5-Net-1.19,1 Perl5 modules to access and use network protocols

p5-Net-CIDR-Lite-0.20 Perl extension for merging IPv4 or IPv6 CIDR addresses

p5-Net-DNS-0.59 Perl5 interface to the DNS resolver, and dynamic updates

p5-Net-IP-1.25 Perl extension for manipulating IPv4/IPv6 addresses

p5-Net-SSLeay-1.30_1 Perl5 interface to SSL

p5-Net-Server-0.94 A configurable base class for writing internet servers in P

p5-Parse-Syslog-1.09 Perl5 routines that present a simple interface to parse sys

p5-PathTools-3.23 A Perl module for portably manipulating file specifications

p5-Scalar-List-Utils-1.18,1 Perl subroutines that would be nice to have in the perl cor

p5-Socket6-0.19 IPv6 related part of the C socket.h defines and structure m

p5-Sys-Hostname-Long-1.4 Try every conceivable way to get full hostname

p5-Test-Harness-2.64 Run perl standard test scripts with statistics

p5-Test-Simple-0.65 Basic utilities for writing tests in perl

p5-Text-Diff-0.35 Text::Diff - Perform diffs on files and record sets

p5-Time-HiRes-1.91,1 A perl5 module implementing High resolution time, sleep, an

p5-URI-1.35 Perl5 interface to Uniform Resource Identifier (URI) refere

p5-Unix-Syslog-0.100 Perl5 interface to the UNIX syslog(3) calls

p5-XML-NamespaceSupport-1.09_1 A simple generic namespace support class

p5-XML-SAX-0.14 Simple API for XML

p5-gettext-1.05_1 Message handling functions

p5-libwww-5.805 Perl5 library for WWW access

p5-perl-ldap-0.33 A Client interface to LDAP servers

pcre-6.7 Perl Compatible Regular Expressions library

perl-5.8.8 Practical Extraction and Report Language

pkg-config-0.21 A utility to retrieve information about installed libraries

portaudit-0.5.11 Checks installed ports against a list of security vulnerabi

portupgrade-2.1.3.3_1,2 FreeBSD ports/packages administration and management tool s

postfix-2.3.4,1 A secure alternative to widely-used Sendmail

py24-ldap2-2.2.0 An LDAP module for python, for OpenLDAP2

py24-psyco-1.5.1 Python Specializing Compiler

py24-pysqlite-2.1.3_1 A DB-API v2 Python library for the SQLite 3 embedded SQL en

python-2.4.3,1 The "meta-port" for the stable version of Python interprete

python24-2.4.3_3 An interpreted object-oriented programming language

pyzor-0.4.0_4 A collaborative, networked system to detect and block spam

quixote-2.4 A framework for developing web applications in Python

razor-agents-2.82 A distributed, collaborative, spam detection and filtering

rpm2cpio-1.2_2 Convert .rpm files for extraction with /usr/bin/cpio, needs

ruby-1.8.5_4,1 An object-oriented interpreted scripting language

ruby18-bdb-0.5.9_2 Ruby interface to Sleepycat's Berkeley DB revision 2 or lat

sqlite-3.3.7 An SQL database engine in a C library w/ Tcl wrapper

tcl-8.4.13_1,1 Tool Command Language

unarj-2.65_2 Allows files to be extracted from ARJ archives

unrar-3.60,4 Extract, view & test RAR archives

unzip-5.52_2 List, test and extract compressed files in a ZIP archive

unzoo-4.4_1 A zoo archive extractor

webmin-1.300_1 Web-based interface for system administration for Unix

zoo-2.10.1_2 Manipulate archives of files in compressed form

this help ?

But now CLAMAV is stating it needs updating, could

you help out with this? How can I update SV clamAV

the right way without breaking it?

Sorry it has taken so long to reply. It has been an extremely busy week. I haven't forgotten though, I am working on a howto doc for this very thing.