Package: amavisd-new
Version: 1:2.2.1-1
Severity: critical
Tags: experimental
Justification: causes serious data loss
Tagging critical per Debian policy, e-mail dropped.

The experimental version of amavisd-new uses a new config schema, but it looks like it's not completely implemented yet, since we're still reading the old config file, not the new generated config file. The old config file w/new Amavis is causing data loss, CLEAN mail messages are being blocked.

Apr 20 18:24:18 new-insecurity amavis[30740]: (30740-01) Blocked CLEAN, [140.211.166.43] [140.211.166.43] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, Hits: 0, 1896 ms

I suspect this has to do with SQL, I've attached my diffs from the default just in case this would help you isolate my weirdness.

(1) (critical issue) Change amavisd to read the new generated config file, and squawk loudly that the old config file is no longer used. You probably need to preserve it somehow during the upgrade process so the user can reference it, but it should be moved out of the way and clearly marked, and moved back if downgraded (ow!).

(2) (minor issues) 00-upstream and 10-debian should be in /usr/share/amavisd-new and should not be conf

(3) 20-debconf probably doesn't belong in /etc...

(4) The generated file doesn't belong in /etc, suggest /var/lib/amavisd-new. Obviously you need to figure out how to handle the mydomainname problem.

(5) Why is clamd commented out? It seems like there are *excessive* debianizations in 10-debian. Real changes should be forwarded upstream, 10-debian should be small and just have changes.
:-(

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-686-smp-evms
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages amavisd-new depends on:
ii  adduser                     3.63        Add and remove users and groups
ii  file                        4.12-1      Determines file type using "magic"
ii  libarchive-tar-perl         1.23-1      Archive::Tar - manipulate tar file
ii  libarchive-zip-perl         1.14-1      Module for manipulation of ZIP arc
ii  libcompress-zlib-perl       1.34-1      Perl module for creation and manip
ii  libconvert-tnef-perl        0.17-4      Perl module to read TNEF files
ii  libconvert-uulib-perl       1.0.5.1-1   Perl interface to the uulib librar
pn  libdigest-md5-perl          Not found.
ii  libmailtools-perl           1.62-1      Manipulate email in perl programs
pn  libmime-base64-perl         Not found.
ii  libmime-perl                5.417-1     Perl5 modules for MIME-compliant m
ii  libnet-perl                 1:1.19-1    Implementation of Internet protoco
ii  libnet-server-perl          0.87-3      An extensible, general perl server
ii  libunix-syslog-perl         0.100-4     Perl interface to the UNIX syslog(
ii  perl [libtime-hires-perl]   5.8.4-8     Larry Wall's Practical Extraction
ii  perl-modules [libnet-perl]  5.8.4-8     Core Perl modules

-- no debconf information
--- amavisd.conf.dpkg-dist 2004-11-30 18:14:42.000000000 -0800 +++ amavisd.conf 2005-04-20 18:14:25.000000000 -0700 @@ -2,7 +2,7 @@ # Configuration file for amavisd-new # Defaults modified for the Debian amavisd-new package -# $Id: amavisd.conf,v 1.27.2.2 2004/11/18 23:27:55 hmh Exp $ +# $Id: amavisd.conf,v 1.28 2004/12/26 13:16:23 hmh Exp $ # # This software is licensed under the GNU General Public License (GPL). # See comments at the start of amavisd-new for the whole license text. @@ -63,7 +63,7 @@ # $mydomain serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $mydomain is never used directly by the program. -$mydomain = 'example.com'; # (no useful default) +$mydomain = 'new-insecurity.home.shockwave.org'; # (no useful default) # $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3) @@ -102,8 +102,8 @@ # POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4 # (set host and port number as required; host can be specified # as IP address or DNS name (A or CNAME, but MX is ignored) -#$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail -#$notify_method = $forward_method; # where to submit notifications +$forward_method = 'smtp:127.0.0.1:10026'; # where to forward checked mail +$notify_method = $forward_method; # where to submit notifications # NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST # uncomment the appropriate settings below if using other setups! @@ -137,7 +137,7 @@ # feeding amavisd, e.g. with Postfix the 'Max procs' field in the # master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp # -$max_servers = 2; # number of pre-forked children (default 2) +$max_servers = 5; # number of pre-forked children (default 2) $max_requests = 10; # retire a child after that many accepts (default 10) $child_timeout=5*60; # abort child if it does not complete each task in n sec 
@@ -158,7 +158,7 @@ # # Any setting can be changed with a new assignment, so make sure # you do not unintentionally override these settings further down! [EMAIL PROTECTED] = qw( . ); # No default dependency on spamassassin +# @bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin # Lookup list of local domains (see README.lookups for syntax details) # @@ -212,7 +212,7 @@ # right. $relayhost_is_client = 0; # (defaults to false) -$insert_received_line = 1; # behave like MTA: insert 'Received:' header +$insert_received_line = 0; # behave like MTA: insert 'Received:' header # (does not apply to sendmail/milter) # (default is true (1) ) @@ -396,8 +396,8 @@ # and other dual-MTA setups, which can't reject original client SMTP # session, as the mail has already been enqueued. -$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) -$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +$final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE) $final_spam_destiny = D_REJECT; # (defaults to D_REJECT) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested @@ -476,7 +476,7 @@ # $virus_admin = undef; # do not send virus admin notifications (default) # $virus_admin = {'not.example.com' => '', '.' => '[EMAIL PROTECTED]'}; # $virus_admin = '[EMAIL PROTECTED]'; -$virus_admin = "[EMAIL PROTECTED]"; # due to D_DISCARD default +# $virus_admin = "[EMAIL PROTECTED]"; # due to D_DISCARD default # equivalent to $virus_admin, but for spam admin notifications: # $spam_admin = "[EMAIL PROTECTED]"; 
@@ -597,7 +597,7 @@ # (the default value is undef, meaning no quarantine) -$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine +#$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine #$virus_quarantine_to = 'infected@'; # forward to MTA for delivery #$virus_quarantine_to = "[EMAIL PROTECTED]"; # similar #$virus_quarantine_to = '[EMAIL PROTECTED]'; # similar @@ -612,7 +612,7 @@ # similar for spam # (the default value is undef, meaning no quarantine) # -$spam_quarantine_to = 'spam-quarantine'; +#$spam_quarantine_to = 'spam-quarantine'; #$spam_quarantine_to = "[EMAIL PROTECTED]"; #$spam_quarantine_to = new_RE( # per-recip multiple quarantines # [qr'^(.*)@example\.com$'i => '[EMAIL PROTECTED]'], @@ -825,6 +825,8 @@ # ('mail' in the example is the database name, choose what you like) # With PostgreSQL the dsn (first element of the triple) may look like: # 'DBI:Pg:host=host1;dbname=mail' [EMAIL PROTECTED] = + ( ['DBI:mysql:database=amavis;host=localhost', 'XXXXXX', 'XXXXXX'] ); # The SQL select clause to fetch per-recipient policy settings. # The %k will be replaced by a comma-separated list of query addresses @@ -835,6 +837,10 @@ # $sql_select_policy = 'SELECT *,users.id FROM users,policy'. # ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'. # ' ORDER BY users.priority DESC'; + +$sql_select_policy = 'SELECT *,users.id FROM users,policy'. + ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'. + ' ORDER BY users.priority DESC'; # # The SQL select clause to check sender in per-recipient whitelist/blacklist # The first SELECT argument '?' will be users.id from recipient SQL lookup, 
@@ -844,7 +850,10 @@ # ' AND (mailaddr.email IN (%k))'. # ' ORDER BY mailaddr.priority DESC'; -$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting +# $sql_select_white_black_list = undef; # undef disables SQL white/blacklisting +$sql_select_white_black_list = 'SELECT wb FROM wblist'. + ' WHERE (wblist.rid=?) AND (wblist.email IN (%k))' . + ' ORDER BY wblist.priority DESC'; # If you decide to pass viruses (or spam) to certain recipients using the @@ -1102,8 +1111,8 @@ # If set to 1, SA tests are restricted to local tests only, i.e. no tests # that require internet access will be performed. # -$sa_local_tests_only = 1; # (default: false) -#$sa_auto_whitelist = 1; # turn on AWL (default: false) +#$sa_local_tests_only = 1; # (default: false) +$sa_auto_whitelist = 1; # turn on AWL (default: false) # Timout for SpamAssassin. This is only used if spamassassin does NOT # override it (which it often does if sa_local_tests_only is not true) @@ -1118,9 +1127,9 @@ # default: undef, no limitations # default values, can be overridden by more specific lookups, e.g. SQL -$sa_tag_level_deflt = 4.0; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level -$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions +$sa_tag_level_deflt = -1000.0; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 8.0; # triggers spam evasive actions # at or above that level: bounce/reject/drop, # quarantine, and adding mail address extension
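
Review bot: In the @@ -396,8 +396,8 @@ hunk, `$final_virus_destiny` and `$final_banned_destiny` are switched to D_REJECT, yet the context lines of that same hunk say that dual-MTA setups cannot reject the original client SMTP session because the mail has already been enqueued, and the @@ -102,8 +102,8 @@ hunk sets `$forward_method = 'smtp:127.0.0.1:10026'`, which matches the Postfix or dual-MTA arrangement its comments describe. In that arrangement a rejection from the filter becomes a bounce generated by the feeding MTA and sent to the envelope sender, which for viruses is usually forged. Suggest keeping D_DISCARD for viruses, paired with a quarantine, unless amavisd is called while the client's SMTP session is still open.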
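
Review bot: The @@ -597,7 +597,7 @@ and @@ -612,7 +612,7 @@ hunks comment out `$virus_quarantine_to` and `$spam_quarantine_to`, which per the context line "(the default value is undef, meaning no quarantine)" turns quarantining off, and the @@ -476,7 +476,7 @@ hunk comments out `$virus_admin` as well. With all three changes, mail blocked as a virus or as spam leaves neither a retained copy nor an administrator notice, so a false positive cannot be recovered or examined afterwards. Suggest re-enabling at least the local quarantine settings while the blocking reported here is being investigated.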
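
Review bot: The DSN triple added in the @@ -825,6 +825,8 @@ hunk puts the database user name and password (shown here as 'XXXXXX') into amavisd.conf in clear text, and nothing in the diff shows how the file is protected. The file should be readable only by root and the account amavisd runs as, and since the queries enabled in the following hunks are all SELECT statements, the MySQL account behind this DSN should be limited to read access on the amavis database.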
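
Review bot: The `$sa_tag_level_deflt`, `$sa_tag2_level_deflt` and `$sa_kill_level_deflt` values changed in the @@ -1118,9 +1127,9 @@ hunk are only defaults; the context line there says they "can be overridden by more specific lookups, e.g. SQL", and the @@ -835,6 +837,10 @@ and @@ -844,7 +850,10 @@ hunks turn on exactly those lookups with `SELECT *,users.id FROM users,policy` and the `wblist` query. The effective per-recipient levels and white/blacklist verdicts therefore live in the database rows rather than in this file, so the relevant `policy` and `wblist` rows need to be checked alongside this diff when tracing why a message logged with Hits: 0 was blocked.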