VMware Virtual Appliances Community
VMTN_Admin
Enthusiast

Spam Vigilante - Mail Filter Virtual Appliance

http://www.vmware.com/vmtn/appliances/directory/255

A mail proxy based on FreeBSD with spam (SpamAssassin) and virus (ClamAV) scanning. Can be used with any existing mail system.

0 Kudos
553 Replies
gcervantes
Contributor

netmavrik

Did you receive Telackey's answer for this issue? Because I can't find it.

Regards,

0 Kudos
gcervantes
Contributor

> Telackey
>
> I am running SV for one of my clients. They have been informing me that it isn't blocking much. That was surprising to me, since their configuration and mine are the same, and mine is blocking almost everything. After more research, I think that I figured it out.
>
> For myself, I adjusted my MX record to point to my SV. Spammers talk directly to my SV appliance, so DNS blacklist lookups are working correctly. My client however, didn't want to set theirs up that way, and their mail goes through an ISP who forwards the mail to SV, and then SV forwards the mail to the client's Exchange server. After looking through the quarantine, I discovered that SpamAssassin is only using Bayes_ and URI_ to block messages (mostly). There aren't any DNS_BL scores hitting, like I see in my quarantine.
>
> How do I configure Postfix/SA to ignore the IP of the ISP's mail server, and correctly submit the spammer's IP to the blacklist lookups?
>
> Hope this is understandable.

netmavrik

Did you receive Telackey's answer for this issue? Because I can't find it.

Regards,

0 Kudos
netmavrik
Contributor

He never replied, and I was never able to figure out why DNS blacklists don't work in that configuration.

This scenario doesn't allow for me to put SV in front of the SMTP server. I set up another SV VM without my usual tweaks and updates, and it still doesn't work properly. I did verify that the SMTP server was including the IP address of the spammer's server in the message header. The information that SpamAssassin needs to perform the DNS lookup is available.

0 Kudos
R_van_Gijn
Contributor

A few pages back there is a ClamAV update instruction by myself; do that and the access rights correction a few posts later and you will be all right.

Biggest obstacle is that SV is not set up for updates itself.

As SV is FreeBSD 6.1 you can read up on the requirements in the FreeBSD manual.

ALWAYS MAKE AN OFFLINE VMWARE SNAPSHOT, AND YOU WILL ALWAYS BE FINE.

(I installed webmin as well later, but that broke some stuff I haven't figured out yet)

0 Kudos
bhaveshvshah
Contributor

Telackey,

It's a really great appliance and this forum has really been helpful in my implementation of this appliance. I was wondering if you were going to implement the daily/weekly digest feature on a per user basis.

Has anyone got this working? How would I go about implementing it if it is not on your list?

Any help would be appreciated!

0 Kudos
bhaveshvshah
Contributor

On the web interface when you release a spam item it doesn't disappear from the list. Is it possible for it to disappear from the list when you release it?

Also a good feature to have on the web interface would be that you can select multiple messages by checking the box and then release all that are checked.

0 Kudos
netmavrik
Contributor

When I start amavis in debug mode I see the following error:

bayes: cannot write to /var/amavis/.spamassassin/bayes_journal, bayes db update ignored: Permission denied

What are the correct permissions for this file and the .spamassassin folder?

Netmavrik

\* I got it, thanks.

Message was edited by:

netmavrik

0 Kudos
phoenixsecure
Contributor

Hi, I have one question, is there a way to limit the number of emails ending up in the viewer database? Right now I have around 18,000 emails in it and my users are complaining that it's slow as hell to go into the viewer and check their emails there. Any suggestions?

Thanks.

0 Kudos
phoenixsecure
Contributor

Another one, are you planning on releasing a new version or do we have to update the software ourselves? And if so do you have some doc on how to upgrade the different soft (clam, amavis, spamassassin etc)?

Thanks and keep up the good work.

0 Kudos
netmavrik
Contributor

I can help with this one. In amavisd.conf you can set the limit of the items that are retained in the quarantine. Look for $sa_quarantine_cutoff_level. You need to experiment to find the right value for you. It needs to be low enough to drop the obvious spam, but high enough to quarantine a false positive.

Good luck.

0 Kudos
phoenixsecure
Contributor

Is there a setting to limit the number of days an email stays in quarantine, e.g. I would like to keep only 2 weeks in the quarantine and delete everything that is older than that. Even if it's a script that I can run in cron I don't mind.

Thanks.

0 Kudos
telackey
Contributor

> Hi, I have one question, is there a way to limit the number of emails ending up in the viewer database? Right now I have around 18,000 emails in it and my users are complaining that it's slow as hell to go into the viewer and check their emails there. Any suggestions?
>
> Thanks.

Yep. A couple of things will help. One, as netmavrik suggested, you can adjust the level at which the quarantine isn't used. That is, something that is ridiculously spammy isn't even kept for quarantine. That will help cut down the inflow.

The other is how much spam to keep. It is a question during setup, but defaults to a large size that is probably too high for most situations. To change it, edit /usr/local/sbin/clean-spam.sh and change the value of SIZE to something much smaller. It starts by deleting messages older than thirty days, and continues to delete messages counting down to more recent messages until the total size of the messages is below the SIZE limit.

0 Kudos
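The age-then-size pruning telackey describes above, as an added example. It is not the appliance's clean-spam.sh or code from the thread; the prefix matching, the use of mtime and the 100 MiB limit in the demo are assumptions, and it defaults to a dry run that deletes nothing.

```python
import os
import time

# Name prefixes taken from the thread's find command; treating them as
# prefixes of the quarantine file names is an assumption of this example.
PREFIXES = ("spam", "virus", "banned", "bad")

def quarantine_files(root):
    """Return (mtime, size, path) for regular quarantine files directly in root."""
    found = []
    with os.scandir(root) as entries:
        for entry in entries:
            # Never follow symlinks: only real files inside the quarantine count.
            if entry.is_file(follow_symlinks=False) and entry.name.startswith(PREFIXES):
                st = entry.stat(follow_symlinks=False)
                found.append((st.st_mtime, st.st_size, entry.path))
    return found

def prune(root, size_limit, start_days=30, now=None, dry_run=True):
    """Age-then-size pruning; returns (removed paths, bytes still kept)."""
    now = time.time() if now is None else now
    files = sorted(quarantine_files(root))      # oldest first
    total = sum(size for _, size, _ in files)
    removed = []
    for days in range(start_days, -1, -1):      # 30, 29, ... 0
        cutoff = now - days * 86400
        while files and files[0][0] < cutoff:
            _, size, path = files.pop(0)
            if not dry_run:
                os.unlink(path)
            total -= size
            removed.append(path)
        if total <= size_limit:                 # under the cap: stop early
            break
    return removed, total

if __name__ == "__main__":
    import sys
    # Dry run on the given directory (default: current one); nothing is deleted.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    gone, kept = prune(target, size_limit=100 * 2**20)
    print(len(gone), "files would be removed;", kept, "bytes kept")
```

Everything older than thirty days goes regardless of size; the cutoff only moves toward newer mail while the total is still above the limit.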
telackey
Contributor

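> Is there a setting to limit the number of days an email stays in quarantine, e.g. I would like to keep only 2 weeks in the quarantine and delete everything that is older than that. Even if it's a script that I can run in cron I don't mind.
>
> Thanks.

Not directly, but you could edit that clean-spam.sh script to care less (or not at all) about size, and only age. (Note, I did not test this command.)

```sh
#!/bin/sh

# Directory holding the quarantined mail
MAILPATH="/var/virusmails/"

cd "$MAILPATH"
if [ $? -ne 0 ]; then
    echo "Unable to enter directory"
    exit 1
fi

# Delete quarantined messages older than this many days
DAYS=14

# Match quarantine files by name prefix; the trailing wildcards are needed
# because -name compares the whole file name. -type f skips directories, and
# -print0 / xargs -0 keeps unusual file names intact.
find . -type f \( -name "spam*" -or -name "virus*" -or -name "banned*" -or -name "bad*" \) -and -ctime +$DAYS -print0 | xargs -0 -n1 rm
```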

0 Kudos
telackey
Contributor

> Another one, are you planning on releasing a new version or do we have to update the software ourselves? And if so do you have some doc on how to upgrade the different soft (clam, amavis, spamassassin etc)?
>
> Thanks and keep up the good work.

Yes, I am currently working on a new release. It will have changes and enhancements as well as the latest versions of all the relevant software.

I can do certain work without needing the OS installed, but I am hoping to use FreeBSD 6.2-Release as the base for the real release, if it won't be too long.

0 Kudos
telackey
Contributor

> He never replied, and I was never able to figure out why DNS blacklists don't work in that configuration.

Yes, sorry about that. I haven't had time to reply to every question, though I try to reply to most.

However, on this one, I don't know the answer, so I will/would need to look it up. Someone else may be just as successful looking it up on their own, however.

0 Kudos
telackey
Contributor

> On the web interface when you release a spam item it doesn't disappear from the list. Is it possible for it to disappear from the list when you release it?
>
> Also a good feature to have on the web interface would be that you can select multiple messages by checking the box and then release all that are checked.

Yep, both good features. Both should be in the next release, which is what I am working on now, the first as an option and the second just an enhancement. There is a chance I may switch quarantine interfaces to an OSS project rather than the viewer I wrote. It would also make these available, I believe. I haven't finalized my decision on the switch, as the functionality of the interfaces is similar, and it would be easier for me to make changes and enhancements to my viewer.

0 Kudos
telackey
Contributor

> telackey,
>
> I wonder if you could give a more detailed enumeration than you did earlier about what permissions (and anything else for that matter) that need to be reset after such an update. I have not encountered any functional problems yet but I don't use the www tools.

My plans include a reset permissions script, that will handle all this in case things get out of whack. When I have written it, I can probably give you a complete list of files and their necessary permissions. I can say that what I was particularly concerned about were the permissions of the ClamAV DB (/var/db/clamav) and logs (/var/log/clamav). These should be 644 for vscan:vscan for the DB and 640 for vscan:vscan for the logs. The key thing there is that the user is vscan, not clamav.

> I am also configuring sa-update to download the SARE recommended rules from RulesEmporium (as outlined here: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt). As such I no longer need the RulesDuJour updates or the cron job. Could you tell me how to delete this cron job, or at least which user it runs under. I can't seem to find it.

Just remove the symlink at:

/etc/periodic/daily/477.rules_du_jour

> Since updating amavisd (I think) there is a little changed behaviour. On boot, directly after the amavisd service starts I now get the message: "Configuring syscons: blanktime". Also, if stopping amavisd the process won't stop by itself and has to be killed (I forget the name of what does that - but it is reported to the screen). I don't think any of these happened before the update, so is this OK?

I don't know for sure, but while it sounds less than ideal, it doesn't sound like a big deal.

> Last questions are more general.
>
> I have done quite a bit of reconfiguring and customizing now. Will all this be wiped out with new updates?? and/or if I run the initial config again?

Updates generally haven't and won't change your config files. Running setup however, it depends on the file. Certain files could be wiped out, specifically SA's local.conf, amavisd.conf, the viewer's config file, and the postfix conf files.

There are two options. One is to merge your changes into the templates at /usr/local/etc/conftemplates/ before re-running. The other is always good, which is to make sure to backup your conf before doing a setup, so you could always copy your file back if needed. The best way to do that is by running: backup_conf.

> Will a newer release of SpamAssassin be included soon to make the upgrade to (at least) v3.0104 for the FuzzyOcr install unnecessary?

I plan to use the latest SA available from ports at the time of the next release.

> There was talk of getting a proper forum for VA a few pages ago ... is this still on the cards? (this thread is impossible to search)

I don't know.

> Lastly thanks for a great VA ... you've succeeded in helping me onto *nix, and introduced me to SpamAssassin, Postfix, and FreeBSD, all in one shot. I'm very grateful.

I am glad it has been of help and use!

0 Kudos
netmavrik
Contributor

Telackey -

I finally got it to work. I had to edit amavisd.conf and modify the @mynetworks parameter to include any of the ISP's SMTP servers that could possibly forward the message to this VM. It turns out that the networks value in the local.cf file isn't used with Amavisd-new. I like to have never figured that out.

This particular setup isn't my favorite, but the client was adamant about making sure that e-mails related to orders, invoicing and tech support are in no way filtered. They don't even want them passing through another mail server. The only way for me to accomplish that was to put SV behind their front-end server, and forward from SV to their Exchange Server.

It is different, but I finally got it to work.

0 Kudos
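The relay-chain problem resolved in the post above, as an added example (not code from the thread, SpamAssassin or amavisd-new): a simplified model of how a filter sitting behind a forwarding relay picks the address to look up in a DNS blacklist, by skipping Received hops that come from trusted relays. The message, hostnames, addresses and the `dnsbl.example` zone are constructed placeholders; 198.51.100.10 stands in for the ISP's relay.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: spammer 203.0.113.45 -> ISP relay 198.51.100.10 -> filter
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.10])
\tby filter.client.example (Postfix) with ESMTP id ABC123;
\tMon, 1 Jan 2007 10:00:02 +0000
Received: from unknown (unknown [203.0.113.45])
\tby mx.isp.example (Postfix) with SMTP id DEF456;
\tMon, 1 Jan 2007 10:00:00 +0000
From: sender@spam.example
To: user@client.example
Subject: constructed sample

body
"""

# Bracketed IPv4 literal, as written in "from host (rdns [ip])"
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Connecting-client IPs from the Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        match = _IP_RE.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips

def last_external(raw_message, trusted):
    """Newest hop whose client IP lies outside every trusted network."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ip in relay_ips(raw_message):
        if not any(ip in net for net in nets):
            return ip
    return None

def dnsbl_query(ip, zone="dnsbl.example"):
    """DNSBL lookup name: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

if __name__ == "__main__":
    for trusted in (["127.0.0.0/8"], ["127.0.0.0/8", "198.51.100.10/32"]):
        print(trusted, "->", dnsbl_query(last_external(SAMPLE, trusted)))
```

With only loopback trusted, the lookup is made for the ISP's own relay, which no blacklist carries; once that relay is listed as trusted, the lookup moves to the address that handed the message to the ISP.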
phoenixsecure
Contributor

Any ETA on new release? Are you talking days or weeks?

Thanks and I can't wait to see the new release, keep up the good work.

0 Kudos
telackey
Contributor

> Any ETA on new release? Are you talking days or weeks?
>
> Thanks and I can't wait to see the new release, keep up the good work.

Weeks. I have some more work to do on my end and I am hoping to use FreeBSD 6.2-Release, which is currently at RC2.

0 Kudos