Package: amavisd-new
Version: 1:2.6.4-3
Severity: normal
Tags: squeeze

As seen here:

Feb 4 12:59:00 server amavis[10256]: (10256-08) Passed SPAM, [91.187.16.183] [91.187.16.183] <xxx...@xxxxx.xx> -> <xx...@xxxx.xx>, quarantine: spam-7UpI76jX-2a1.gz, mail_id: 7UpI76jX-2a1, Hits: 21.685, size: 1341, queued_as: DAD2C16400FD, 4517 ms

the mail_id can contain the '-' character but the logcheck rule doesn't account for that:

sed -e 's/[[:space:]]*$//' /root/test | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$'

-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages amavisd-new depends on:
ii  adduser                   3.112+nmu2       add and remove users and groups
ii  debconf [debconf-2.0]     1.5.36.1         Debian configuration management sy
ii  file                      5.04-5           Determines file type using "magic"
ii  libarchive-zip-perl       1.30-3           Perl module for manipulation of ZI
ii  libberkeleydb-perl        0.42-1~squeeze1  use Berkeley DB 4 databases from P
ii  libcompress-raw-zlib-per  2.026-1          low-level interface to zlib compre
ii  libconvert-tnef-perl      0.17-9           Perl module to read TNEF files
ii  libconvert-uulib-perl     1.12-1           Perl interface to the uulib librar
pn  libdigest-md5-perl        <none>           (no description available)
ii  libio-stringy-perl        2.110-4          Perl modules for IO from scalars a
ii  libmail-dkim-perl         0.38-1           cryptographically identify the sen
ii  libmailtools-perl         2.06-1           Manipulate email in perl programs
pn  libmime-base64-perl       <none>           (no description available)
ii  libmime-tools-perl        5.428-1          Perl5 modules for MIME-compliant m
ii  libnet-server-perl        0.97-1           An extensible, general perl server
ii  libunix-syslog-perl       1.1-2            Perl interface to the UNIX syslog(
ii  pax                       1:20090728-1     Portable Archive Interchange
ii  perl [libtime-hires-perl  5.10.1-17        Larry Wall's Practical Extraction
ii  perl-modules [libarchive  5.10.1-17        Core Perl modules

amavisd-new recommends no packages.

Versions of packages amavisd-new suggests:
pn  apt-listchanges       <none>            (no description available)
ii  arj                   3.10.22-9         archiver for .arj files
ii  cabextract            1.3-1             a program to extract Microsoft Cab
ii  clamav                0.96.5+dfsg-1.1   anti-virus utility for Unix - comm
ii  clamav-daemon         0.96.5+dfsg-1.1   anti-virus utility for Unix - scan
ii  cpio                  2.11-4            GNU cpio -- a program to manage ar
pn  dspam                 <none>            (no description available)
ii  lha                   1.14i-10.3        lzh archiver
pn  libauthen-sasl-perl   <none>            (no description available)
ii  libdbi-perl           1.612-1           Perl Database Interface (DBI)
ii  libmail-dkim-perl     0.38-1            cryptographically identify the sen
pn  libnet-ldap-perl      <none>            (no description available)
pn  libsnmp-perl          <none>            (no description available)
ii  lzop                  1.02~rc1-2        fast compression program
ii  nomarch               1.4-3             Unpacks .ARC and .ARK MS-DOS archi
pn  p7zip                 <none>            (no description available)
pn  rpm                   <none>            (no description available)
ii  spamassassin          3.3.1-1           Perl-based spam filter using text
ii  unrar                 1:3.9.10-1        Unarchiver for .rar files (non-fre
pn  unrar-free            <none>            (no description available)
ii  zoo                   2.10-22           manipulate zoo archives

-- Configuration Files:
/etc/amavis/conf.d/15-content_filter_mode changed:
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;  # insure a defined return

/etc/amavis/conf.d/20-debian_defaults changed:
use strict;
$QUARANTINEDIR = "$MYHOME/virusmails";
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024;   # default listening socket
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = undef;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31;   # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31;   # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;      # only tests which do not require internet access?
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;      # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes
$final_virus_destiny = D_DISCARD;     # (data not lost, see virus quarantine)
$final_banned_destiny = D_BOUNCE;     # D_REJECT when front-end MTA
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;   # False-positive prone (for spam)
$virus_admin = "adi\@turbocar.ro";    # due to D_DISCARD default
$mailfrom_notify_admin = "adi\@turbocar.ro";
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
$enable_dkim_verification = 0; #disabled to prevent warning
@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],  # av test pattern name
  [qr/.*/ => 1],          # true for everything else
));
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict
  qr'^application/x-msdownload$'i,     # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
  qr'^\.(exe-ms)$',                    # banned file(1) types
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
    [qr'^(your_friend|greatoffers)@'i => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
   ),
   { # a hash-type lookup table (associative array)
     'nob...@cert.org' => -3.0,
     'cert-advis...@us-cert.gov' => -3.0,
     'owner-al...@iss.net' => -3.0,
     'slash...@slashdot.org' => -3.0,
     'securityfocus.com' => -3.0,
     'ntbugt...@listserv.ntbugtraq.com' => -3.0,
     'security-ale...@linuxsecurity.com' => -3.0,
     'mailman-announce-ad...@python.org' => -3.0,
     'amavis-user-ad...@lists.sourceforge.net'=> -3.0,
     'amavis-user-boun...@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org' => -3.0,
     'notification-ret...@lists.sophos.com' => -3.0,
     'owner-postfix-us...@postfix.org' => -3.0,
     'owner-postfix-annou...@postfix.org' => -3.0,
     'owner-sendmail-annou...@lists.sendmail.org' => -3.0,
     'sendmail-announce-requ...@lists.sendmail.org' => -3.0,
     'donotre...@sendmail.org' => -3.0,
     'ca+envel...@sendmail.org' => -3.0,
     'nore...@freshmeat.net' => -3.0,
     'owner-techn...@postel.acm.org' => -3.0,
     'ietf-123-ow...@loki.ietf.org' => -3.0,
     'cvs-commits-list-ad...@gnome.org' => -3.0,
     'rt-users-ad...@lists.fsck.com' => -3.0,
     'clp-requ...@comp.nus.edu.sg' => -3.0,
     'surveys-err...@lists.nua.ie' => -3.0,
     'emailn...@genomeweb.com' => -5.0,
     'yahoo-dev-n...@yahoo-inc.com' => -3.0,
     'returns.groups.yahoo.com' => -3.0,
     'clustern...@linuxnetworx.com' => -3.0,
     lc('lvs-users-ad...@linuxvirtualserver.org') => -3.0,
     lc('owner-textbreakingn...@cnnimail12.cnn.com') => -5.0,
     # soft-blacklisting (positive score)
     'sen...@example.net' => 3.0,
     '.example.net' => 1.0,
   },
  ], # end of site-wide tables
});
1;  # insure a defined return

/etc/amavis/conf.d/50-user changed:
use strict;
@lookup_sql_dsn = (
    ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'maild', 'w74)PDg39H?5zmAc']);
$sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
1;  # insure a defined return

-- debconf information:
  amavisd-new/outdated_config_style_warning:
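
An added example, not part of the report and not logcheck's own tooling: it grows the rule quoted above one field-sized segment at a time and reports the first segment at which the sample log line stops matching, which is how an unmatched line in a logcheck report can be traced to a specific field. Assumptions: the segment split points, the names first_failing_segment, S1..S4 and SQ, the hypothetical optional quarantine segment, and the two-space day padding restored in the constructed sample line.

```shell
#!/bin/sh
# Added example (not from the report): locate where a logcheck rule stops
# matching a log line by growing the regex one segment at a time.
export LC_ALL=C   # the reporter's locale; keeps \w and [:alnum:] ASCII-only

# The rule quoted in the report, split at field boundaries (the split points
# are this example's choice).
S1='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),'
S2='( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,'
S3='( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+,'
S4=' Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$'
# Hypothetical optional field, for illustration only; not the maintainers' fix.
SQ='( quarantine: [-+.[:alnum:]]+,)?'

# Constructed sample: the log line from the report, with syslog's two-space
# padding before a single-digit day restored (assumption; the report as
# archived shows a single space).
LINE='Feb  4 12:59:00 server amavis[10256]: (10256-08) Passed SPAM, [91.187.16.183] [91.187.16.183] <xxx...@xxxxx.xx> -> <xx...@xxxx.xx>, quarantine: spam-7UpI76jX-2a1.gz, mail_id: 7UpI76jX-2a1, Hits: 21.685, size: 1341, queued_as: DAD2C16400FD, 4517 ms'

# first_failing_segment LINE SEGMENT...
# Prints the 1-based index of the first segment at which the accumulated
# prefix regex no longer matches LINE, or 0 if the whole rule matches.
first_failing_segment() {
    line=$1; shift
    prefix=''; i=0
    for seg in "$@"; do
        i=$((i + 1))
        prefix="$prefix$seg"
        if ! printf '%s\n' "$line" | grep -Eq -e "$prefix"; then
            echo "$i"
            return 0
        fi
    done
    echo 0
}

first_failing_segment "$LINE" "$S1" "$S2" "$S3" "$S4"        # rule as quoted
first_failing_segment "$LINE" "$S1" "$S2" "$SQ" "$S3" "$S4"  # with optional field
```

With the rule as quoted, matching stops at the third segment, which expects mail_id directly after the recipient list where the sample line carries a quarantine: field; with the hypothetical optional segment inserted the whole line matches.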