Squirrelmail session premature expiration?
Hi, After upgrading some stuff, squirrelmail cannot any more keep its session up. It more or less randomly bombs the logged-in user off, saying: ERROR You must be logged in to access this page. (It comes right after pressing the login button sometimes.) Anyone seen/fixed this? I run a fresh Debian unstable with apache 1.3.29.0.1-3 php4 4.3.3-4 squirrelmail 1.4.2-1 Thanks a lot! Sz. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Postfix-mysql-procmail
Hello, I currently have a properly working postfix-mysql setup. This all works fine, but I would like to implement an autoresponder/other stuff. The problem is, that for example procmail doesn't seem to work with virtual users. I have added "mailbox_command = /usr/bin/procmail ". But this line is completely ignored :( Maybe someone here can help me avoid writing ugly bash scripts to do the job ;) Thanks in advance, Robert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix-mysql-procmail
On Sat, Jan 10, 2004 at 03:17:16PM +0100, Robert Hensel wrote: > Hello, > > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( > > Maybe someone here can help me avoid writing ugly bash scripts to do the > job ;) > > Thanks in advance, > Robert > I have no experience with virtual users in mysql, but when switching from exim, i found that postfix consults .forward before .procmailrc And I'm not sure if procmail supports this setup. -- Frode Haugsgjerd Norway -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix-mysql-procmail
On January 10, 2004 09:17 am, Robert Hensel wrote: > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( > > Maybe someone here can help me avoid writing ugly bash scripts to do the > job ;) The virtual delivery agent doesn't support procmail, .forward files, etc. I believe you have no choice but to do some scripting (it can be ugly if you insist ;-) I'll assume that your talking about an email setup similar to the one described at http://kirb.insanegenius.net/postfix.html ? The only way that I can think of to do things like mail filtering, out of office, etc. is by having a virtual map entry that forwards the email to an alias as well as to the original user: [EMAIL PROTECTED] [EMAIL PROTECTED],fraser-filters In the aliases file (which could be managed in mysql still) you would have the alias fraser-filters pipe to a command that does whatever magic you need. This might already be what you were thinking of? I haven't tried this but it's the easiest way that I can think of supporting mail filtering, out of office and such. You can also write postfix filters which might have advantages. If you find anything please followup here as it's something I think a lot of people might be interested in. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
replacing sanitizer w/ amavisd-new
Right now we use sanitizer (stable package) to call a virus scanner and to strip script,img, style, etc tags We're thinking of switching to amavisd-new (unstable) and clamav (testing) because while sanitizer strips out the virus, it still passes the junk message through. We'd like to be able to drop virus infected messages to the floor. Another (very minor) consideration is that sanitizer is not a daemon and pays a speed penalty every time it is launched. The problem I see looking at the docs is that amavisd-new doesn't strip out potentially evil html. The direction, we're drifting is to run sanitizer after amavisd-new. (I think postfix can run filters in sequence) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Squirrelmail session premature expiration?
On Sat, 2004-01-10 at 06:07, Luna Kid wrote: > Hi, > > After upgrading some stuff, squirrelmail cannot any > more keep its session up. It more or less randomly > bombs the logged-in user off, saying: > > ERROR > You must be logged in to access this page. > > (It comes right after pressing the login button sometimes.) > > Anyone seen/fixed this? > There are a lot of things to double-check, suggestions to try, etc. at: http://www.squirrelmail.org/wiki/en_US/BrowseProblemsByError - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
Re: Postfix-mysql-procmail
On Sun, 11 Jan 2004 01:17, Robert Hensel <[EMAIL PROTECTED]> wrote: > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( The most important thing about auto-responders is that they implement the regex described in procmailrc(5) as FROM_DAEMON. If you do this by scripts then make sure that the script does such a regular expression check. Otherwise you will inevitably end up with people forgetting to unsubscribe from mailing lists and sending vacation messages to every person who posts to the list (thus getting you lots of flames). Also think very carefully about whether you want an auto-responder, it will respond to spam and send messages to innocent third parties. Such a program can easily get you hundreds of flames per hour... I've been thinking about alternate solutions to this problem. One option is to send a 45x code in response to the message (determined by combination of "mail from:" and "rcpt to:") for a period of 4 hours with a message about why the mail is being diverted etc, then accepting it after that. 4 hours is enough time for most mail servers to generate a warning email based on the 45x code. Another option is to receive the entire message, accept it for delivery but instead of a 25x give a 55x code with a message saying "this message was delivered, but please note that the account holder is on vacation". These methods should allow the vacation message to reliably go only to the originator of the message (or to no-one if it's a spam). However they do require that a new proxy program be written to receive the mail as no existing software (AFAIK) is capable of doing it. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replacing sanitizer w/ amavisd-new
Might I suggest MailScanner? For me it's been MUCH more reliable and flexible. In fact I'm gearing up to replace amavisd-new with MailScanner at work. We've run into some bugs with the latest version (4.24 specifically), but the verison I'm using on FreeBSD 4.22.5 is solid, and the version in debian stable 3.13.2 should also be very solid. It works with a slew of AV scanners,a nd integrating with one it doesn't support natively is simple as editing a few files. The thing has about 1000 some odd settings though so it can be daunting to set up. --On Saturday, January 10, 2004 15:12 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Right now we use sanitizer (stable package) to call a virus scanner and to strip script,img, style, etc tags We're thinking of switching to amavisd-new (unstable) and clamav (testing) because while sanitizer strips out the virus, it still passes the junk message through. We'd like to be able to drop virus infected messages to the floor. Another (very minor) consideration is that sanitizer is not a daemon and pays a speed penalty every time it is launched. The problem I see looking at the docs is that amavisd-new doesn't strip out potentially evil html. The direction, we're drifting is to run sanitizer after amavisd-new. (I think postfix can run filters in sequence) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replacing sanitizer w/ amavisd-new
Thanks for your reply. > Might I suggest MailScanner? You might, some specific problems with amavisd-new that aren't present in MailScanner might be even more helpful. At: http://www.geocities.com/scottlhenderson/spamfilter.html they say: # mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. # On Sat, 10 Jan 2004, Michael Loftis wrote: > Might I suggest MailScanner? For me it's been MUCH more reliable and > flexible. In fact I'm gearing up to replace amavisd-new with MailScanner > at work. We've run into some bugs with the latest version (4.24 > specifically), but the verison I'm using on FreeBSD 4.22.5 is solid, and > the version in debian stable 3.13.2 should also be very solid. > > It works with a slew of AV scanners,a nd integrating with one it doesn't > support natively is simple as editing a few files. The thing has about > 1000 some odd settings though so it can be daunting to set up. > > --On Saturday, January 10, 2004 15:12 -0500 Dan MacNeil > <[EMAIL PROTECTED]> wrote: > > > > > Right now we use sanitizer (stable package) to call a virus scanner and to > > strip script,img, style, etc tags > > > > We're thinking of switching to amavisd-new (unstable) and clamav (testing) > > because while sanitizer strips out the virus, it still passes the junk > > message through. We'd like to be able to drop virus infected messages to > > the floor. Another (very minor) consideration is that sanitizer is not a > > daemon and pays a speed penalty every time it is launched. > > > > The problem I see looking at the docs is that amavisd-new doesn't strip > > out potentially evil html. > > > > The direction, we're drifting is to run sanitizer after amavisd-new. (I > > think postfix can run filters in sequence) > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > > > > -- > Michael Loftis > Modwest Sr. Systems Administrator > Powerful, Affordable Web Hosting > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replacing sanitizer w/ amavisd-new
--On Saturday, January 10, 2004 21:53 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Thanks for your reply. Might I suggest MailScanner? You might, some specific problems with amavisd-new that aren't present in MailScanner might be even more helpful. At: http://www.geocities.com/scottlhenderson/spamfilter.html they say: # mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. It isn't exactly supported nor unsupportedBasically it relies on the fact that postfix can be told to use deferred transports on inbound, automatically forcing everything to go into the deferred queue. You run one copy of postfix in that mode. Another in a normal mode, minus smtp/incoming mail. I haven't had any problems with truncated email nor duplicate deliveries at all with recent-ish Postfix. MAilscanner monitors the deferred queue, pulling messages out of there and working on them, putting them into the inbound pickup area on the other postfix instance after processing. The sytem works well and is quick. I don't see how postfix could be responsible for multiple deliveries in this scenario, nor how mailscanner would cause it. The only time that sort of thing would happen is for people who don't follow the instructions and don't put the three queues (mailscanner, inbound postfix, outbound postfix) on the same partition/filesystem. This is a MUST. mailscanner simply relinks the files into/out of work areas, this is fast, and atomic, assuming it's on the same filesystem. Otherwise if it's not the same filesystem you have to copy to/from staging areas to achieve the atomicity. MailScanner catches about 30% more 'dangerous content' and virii than amavisd-new given the same virus scanner because MS seems to unpack more thoroughly/properly. MS supports/integrates the update system of all the virus scanners it supports negating the need to run a separate update cronjob all the time. MS supports throttles, amavisd does not, and so MS will be much nicer to an overloaded/very briskly loaded system than amavisd. amvisd requires copying the message multiple times, MS reduces this by using the link/unlink method that all mailservers use nowadays internally to their queues. MS does require running two separate copies of postfix, that amavisd does not. There's a point for amavis. amavis eliminates unnecesary code from the resultant script at ./configure time, MailScanner doesn't. That said though MailScanner seems to work faster on my system. Not sure how much else to go on about this. -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix-mysql-procmail
This one time, at band camp, Russell Coker said: > Another option is to receive the entire message, accept it for delivery but > instead of a 25x give a 55x code with a message saying "this message was > delivered, but please note that the account holder is on vacation". > > These methods should allow the vacation message to reliably go only to the > originator of the message (or to no-one if it's a spam). However they do > require that a new proxy program be written to receive the mail as no > existing software (AFAIK) is capable of doing it. I think you can do something like this with /etc/aliases, although I am no expert. exim uses a real-$local_part in the standard configuration to bypass aliasing, so an entry could be added like: testuser: real-testuser, :fail: On vacation Just tested and this is what I see: 2004-01-10 22:44:23 1AfWWV-dZ-Mc <= [EMAIL PROTECTED] U=steve P=local S=313 I send the message with mail 2004-01-10 22:44:23 1AfWWV-dZ-Mc ** [EMAIL PROTECTED] R=system_aliases: It generates an error 2004-01-10 22:44:23 1AfWWV-dZ-Mc => testuser <[EMAIL PROTECTED]> R=real_local T=maildir_home And then gets really deliverd to testuse 2004-01-10 22:44:23 1AfWWV-dc-Rh <= <> R=1AfWWV-dZ-Mc U=Debian-exim P=local S=1102 2004-01-10 22:44:23 1AfWWV-dZ-Mc Completed 2004-01-10 22:44:24 1AfWWV-dc-Rh => steve <[EMAIL PROTECTED]> R=procmail T=procmail_pipe 2004-01-10 22:44:24 1AfWWV-dc-Rh Completed And the bounce goes to me with the text noted. I don't know what your MTA allows, but this works here. HTH, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgp0.pgp Description: PGP signature
Re: replacing sanitizer w/ amavisd-new
Thanks for your discussion. One correction, the muttering about "unsupported methods" is actually from: http://www.postfix.org/addon.html#content which is perhaps slightly more creditable than geocities. Googling around a bit I got this thread with thoughts from one of the main developers (Wietse Venema) http://archives.neohapsis.com/archives/postfix/2003-08/0511.html http://archives.neohapsis.com/archives/postfix/2003-08/0513.html http://archives.neohapsis.com/archives/postfix/2003-08/0514.html http://archives.neohapsis.com/archives/postfix/2003-08/0515.html http://archives.neohapsis.com/archives/postfix/2003-08/0522.html http://archives.neohapsis.com/archives/postfix/2003-08/0595.html [the threading at the archive was not good so I included links to whole thread] I might feel differently if our server was heavily burdened, but the prospect of breaking things with an upgrade to postfix not worth the speed. 3 On Sat, 10 Jan 2004, Michael Loftis wrote: > > > --On Saturday, January 10, 2004 21:53 -0500 Dan MacNeil > <[EMAIL PROTECTED]> wrote: > > > > > Thanks for your reply. > > > >> Might I suggest MailScanner? > > > > You might, some specific problems with amavisd-new that aren't present in > > MailScanner might be even more helpful. > > > > At: > > http://www.geocities.com/scottlhenderson/spamfilter.html > > > > they say: > > > ># mailscanner system, works with Postfix and other MTAs. This > > uses unsupported methods to manipulate Postfix queue files, and there are > > multiple reports of message duplication and/or delivery of truncated > > messages. > > It isn't exactly supported nor unsupportedBasically it relies on the > fact that postfix can be told to use deferred transports on inbound, > automatically forcing everything to go into the deferred queue. You run > one copy of postfix in that mode. Another in a normal mode, minus > smtp/incoming mail. I haven't had any problems with truncated email nor > duplicate deliveries at all with recent-ish Postfix. MAilscanner monitors > the deferred queue, pulling messages out of there and working on them, > putting them into the inbound pickup area on the other postfix instance > after processing. The sytem works well and is quick. > > I don't see how postfix could be responsible for multiple deliveries in > this scenario, nor how mailscanner would cause it. The only time that sort > of thing would happen is for people who don't follow the instructions and > don't put the three queues (mailscanner, inbound postfix, outbound postfix) > on the same partition/filesystem. This is a MUST. mailscanner simply > relinks the files into/out of work areas, this is fast, and atomic, > assuming it's on the same filesystem. Otherwise if it's not the same > filesystem you have to copy to/from staging areas to achieve the atomicity. > > > MailScanner catches about 30% more 'dangerous content' and virii than > amavisd-new given the same virus scanner because MS seems to unpack more > thoroughly/properly. MS supports/integrates the update system of all the > virus scanners it supports negating the need to run a separate update > cronjob all the time. MS supports throttles, amavisd does not, and so MS > will be much nicer to an overloaded/very briskly loaded system than > amavisd. amvisd requires copying the message multiple times, MS reduces > this by using the link/unlink method that all mailservers use nowadays > internally to their queues. > > MS does require running two separate copies of postfix, that amavisd does > not. There's a point for amavis. amavis eliminates unnecesary code from > the resultant script at ./configure time, MailScanner doesn't. That said > though MailScanner seems to work faster on my system. > > Not sure how much else to go on about this. > > -- > Michael Loftis > Modwest Sr. Systems Administrator > Powerful, Affordable Web Hosting > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replacing sanitizer w/ amavisd-new
mailscanner supports more than just postfix though. exim, sendmail, and zmailer are all on the list. I'd imagine one could make it work somehow with qmail too if you're brave enough to be using qmail. I don't know where in the discussion anyone said that you could only use mailscanner with postfix. perhaps you should check the mailscanner homepage at http://www.mailscanner.info/ --On Saturday, January 10, 2004 23:59 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Thanks for your discussion. One correction, the muttering about "unsupported methods" is actually from: http://www.postfix.org/addon.html#content which is perhaps slightly more creditable than geocities. Googling around a bit I got this thread with thoughts from one of the main developers (Wietse Venema) http://archives.neohapsis.com/archives/postfix/2003-08/0511.html http://archives.neohapsis.com/archives/postfix/2003-08/0513.html http://archives.neohapsis.com/archives/postfix/2003-08/0514.html http://archives.neohapsis.com/archives/postfix/2003-08/0515.html http://archives.neohapsis.com/archives/postfix/2003-08/0522.html http://archives.neohapsis.com/archives/postfix/2003-08/0595.html [the threading at the archive was not good so I included links to whole thread] I might feel differently if our server was heavily burdened, but the prospect of breaking things with an upgrade to postfix not worth the speed. -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Squirrelmail session premature expiration?
Hi, After upgrading some stuff, squirrelmail cannot any more keep its session up. It more or less randomly bombs the logged-in user off, saying: ERROR You must be logged in to access this page. (It comes right after pressing the login button sometimes.) Anyone seen/fixed this? I run a fresh Debian unstable with apache 1.3.29.0.1-3 php4 4.3.3-4 squirrelmail 1.4.2-1 Thanks a lot! Sz.
Postfix-mysql-procmail
Hello, I currently have a properly working postfix-mysql setup. This all works fine, but I would like to implement an autoresponder/other stuff. The problem is, that for example procmail doesn't seem to work with virtual users. I have added "mailbox_command = /usr/bin/procmail ". But this line is completely ignored :( Maybe someone here can help me avoid writing ugly bash scripts to do the job ;) Thanks in advance, Robert
Re: Squirrelmail session premature expiration?
On Sat, 2004-01-10 at 06:07, Luna Kid wrote: > Hi, > > After upgrading some stuff, squirrelmail cannot any > more keep its session up. It more or less randomly > bombs the logged-in user off, saying: > > ERROR > You must be logged in to access this page. > > (It comes right after pressing the login button sometimes.) > > Anyone seen/fixed this? > There are a lot of things to double-check, suggestions to try, etc. at: http://www.squirrelmail.org/wiki/en_US/BrowseProblemsByError - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
replacing sanitizer w/ amavisd-new
Right now we use sanitizer (stable package) to call a virus scanner and to strip script,img, style, etc tags We're thinking of switching to amavisd-new (unstable) and clamav (testing) because while sanitizer strips out the virus, it still passes the junk message through. We'd like to be able to drop virus infected messages to the floor. Another (very minor) consideration is that sanitizer is not a daemon and pays a speed penalty every time it is launched. The problem I see looking at the docs is that amavisd-new doesn't strip out potentially evil html. The direction, we're drifting is to run sanitizer after amavisd-new. (I think postfix can run filters in sequence)
Re: Postfix-mysql-procmail
On Sat, Jan 10, 2004 at 03:17:16PM +0100, Robert Hensel wrote: > Hello, > > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( > > Maybe someone here can help me avoid writing ugly bash scripts to do the > job ;) > > Thanks in advance, > Robert > I have no experience with virtual users in mysql, but when switching from exim, i found that postfix consults .forward before .procmailrc And I'm not sure if procmail supports this setup. -- Frode Haugsgjerd Norway
Re: replacing sanitizer w/ amavisd-new
Thanks for your discussion. One correction, the muttering about "unsupported methods" is actually from: http://www.postfix.org/addon.html#content which is perhaps slightly more creditable than geocities. Googling around a bit I got this thread with thoughts from one of the main developers (Wietse Venema) http://archives.neohapsis.com/archives/postfix/2003-08/0511.html http://archives.neohapsis.com/archives/postfix/2003-08/0513.html http://archives.neohapsis.com/archives/postfix/2003-08/0514.html http://archives.neohapsis.com/archives/postfix/2003-08/0515.html http://archives.neohapsis.com/archives/postfix/2003-08/0522.html http://archives.neohapsis.com/archives/postfix/2003-08/0595.html [the threading at the archive was not good so I included links to whole thread] I might feel differently if our server was heavily burdened, but the prospect of breaking things with an upgrade to postfix not worth the speed. 3 On Sat, 10 Jan 2004, Michael Loftis wrote: > > > --On Saturday, January 10, 2004 21:53 -0500 Dan MacNeil > <[EMAIL PROTECTED]> wrote: > > > > > Thanks for your reply. > > > >> Might I suggest MailScanner? > > > > You might, some specific problems with amavisd-new that aren't present in > > MailScanner might be even more helpful. > > > > At: > > http://www.geocities.com/scottlhenderson/spamfilter.html > > > > they say: > > > ># mailscanner system, works with Postfix and other MTAs. This > > uses unsupported methods to manipulate Postfix queue files, and there are > > multiple reports of message duplication and/or delivery of truncated > > messages. > > It isn't exactly supported nor unsupportedBasically it relies on the > fact that postfix can be told to use deferred transports on inbound, > automatically forcing everything to go into the deferred queue. You run > one copy of postfix in that mode. Another in a normal mode, minus > smtp/incoming mail. I haven't had any problems with truncated email nor > duplicate deliveries at all with recent-ish Postfix. MAilscanner monitors > the deferred queue, pulling messages out of there and working on them, > putting them into the inbound pickup area on the other postfix instance > after processing. The sytem works well and is quick. > > I don't see how postfix could be responsible for multiple deliveries in > this scenario, nor how mailscanner would cause it. The only time that sort > of thing would happen is for people who don't follow the instructions and > don't put the three queues (mailscanner, inbound postfix, outbound postfix) > on the same partition/filesystem. This is a MUST. mailscanner simply > relinks the files into/out of work areas, this is fast, and atomic, > assuming it's on the same filesystem. Otherwise if it's not the same > filesystem you have to copy to/from staging areas to achieve the atomicity. > > > MailScanner catches about 30% more 'dangerous content' and virii than > amavisd-new given the same virus scanner because MS seems to unpack more > thoroughly/properly. MS supports/integrates the update system of all the > virus scanners it supports negating the need to run a separate update > cronjob all the time. MS supports throttles, amavisd does not, and so MS > will be much nicer to an overloaded/very briskly loaded system than > amavisd. amvisd requires copying the message multiple times, MS reduces > this by using the link/unlink method that all mailservers use nowadays > internally to their queues. > > MS does require running two separate copies of postfix, that amavisd does > not. There's a point for amavis. amavis eliminates unnecesary code from > the resultant script at ./configure time, MailScanner doesn't. That said > though MailScanner seems to work faster on my system. > > Not sure how much else to go on about this. > > -- > Michael Loftis > Modwest Sr. Systems Administrator > Powerful, Affordable Web Hosting >
Re: replacing sanitizer w/ amavisd-new
mailscanner supports more than just postfix though. exim, sendmail, and zmailer are all on the list. I'd imagine one could make it work somehow with qmail too if you're brave enough to be using qmail. I don't know where in the discussion anyone said that you could only use mailscanner with postfix. perhaps you should check the mailscanner homepage at http://www.mailscanner.info/ --On Saturday, January 10, 2004 23:59 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Thanks for your discussion. One correction, the muttering about "unsupported methods" is actually from: http://www.postfix.org/addon.html#content which is perhaps slightly more creditable than geocities. Googling around a bit I got this thread with thoughts from one of the main developers (Wietse Venema) http://archives.neohapsis.com/archives/postfix/2003-08/0511.html http://archives.neohapsis.com/archives/postfix/2003-08/0513.html http://archives.neohapsis.com/archives/postfix/2003-08/0514.html http://archives.neohapsis.com/archives/postfix/2003-08/0515.html http://archives.neohapsis.com/archives/postfix/2003-08/0522.html http://archives.neohapsis.com/archives/postfix/2003-08/0595.html [the threading at the archive was not good so I included links to whole thread] I might feel differently if our server was heavily burdened, but the prospect of breaking things with an upgrade to postfix not worth the speed. -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting
Re: Postfix-mysql-procmail
On January 10, 2004 09:17 am, Robert Hensel wrote: > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( > > Maybe someone here can help me avoid writing ugly bash scripts to do the > job ;) The virtual delivery agent doesn't support procmail, .forward files, etc. I believe you have no choice but to do some scripting (it can be ugly if you insist ;-) I'll assume that your talking about an email setup similar to the one described at http://kirb.insanegenius.net/postfix.html ? The only way that I can think of to do things like mail filtering, out of office, etc. is by having a virtual map entry that forwards the email to an alias as well as to the original user: [EMAIL PROTECTED] [EMAIL PROTECTED],fraser-filters In the aliases file (which could be managed in mysql still) you would have the alias fraser-filters pipe to a command that does whatever magic you need. This might already be what you were thinking of? I haven't tried this but it's the easiest way that I can think of supporting mail filtering, out of office and such. You can also write postfix filters which might have advantages. If you find anything please followup here as it's something I think a lot of people might be interested in. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: Postfix-mysql-procmail
On Sun, 11 Jan 2004 01:17, Robert Hensel <[EMAIL PROTECTED]> wrote: > I currently have a properly working postfix-mysql setup. This all works > fine, but I would like to implement an autoresponder/other stuff. The > problem is, that for example procmail doesn't seem to work with virtual > users. I have added "mailbox_command = /usr/bin/procmail ". But this > line is completely ignored :( The most important thing about auto-responders is that they implement the regex described in procmailrc(5) as FROM_DAEMON. If you do this by scripts then make sure that the script does such a regular expression check. Otherwise you will inevitably end up with people forgetting to unsubscribe from mailing lists and sending vacation messages to every person who posts to the list (thus getting you lots of flames). Also think very carefully about whether you want an auto-responder, it will respond to spam and send messages to innocent third parties. Such a program can easily get you hundreds of flames per hour... I've been thinking about alternate solutions to this problem. One option is to send a 45x code in response to the message (determined by combination of "mail from:" and "rcpt to:") for a period of 4 hours with a message about why the mail is being diverted etc, then accepting it after that. 4 hours is enough time for most mail servers to generate a warning email based on the 45x code. Another option is to receive the entire message, accept it for delivery but instead of a 25x give a 55x code with a message saying "this message was delivered, but please note that the account holder is on vacation". These methods should allow the vacation message to reliably go only to the originator of the message (or to no-one if it's a spam). However they do require that a new proxy program be written to receive the mail as no existing software (AFAIK) is capable of doing it. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: replacing sanitizer w/ amavisd-new
--On Saturday, January 10, 2004 21:53 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Thanks for your reply. Might I suggest MailScanner? You might, some specific problems with amavisd-new that aren't present in MailScanner might be even more helpful. At: http://www.geocities.com/scottlhenderson/spamfilter.html they say: # mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. It isn't exactly supported nor unsupportedBasically it relies on the fact that postfix can be told to use deferred transports on inbound, automatically forcing everything to go into the deferred queue. You run one copy of postfix in that mode. Another in a normal mode, minus smtp/incoming mail. I haven't had any problems with truncated email nor duplicate deliveries at all with recent-ish Postfix. MAilscanner monitors the deferred queue, pulling messages out of there and working on them, putting them into the inbound pickup area on the other postfix instance after processing. The sytem works well and is quick. I don't see how postfix could be responsible for multiple deliveries in this scenario, nor how mailscanner would cause it. The only time that sort of thing would happen is for people who don't follow the instructions and don't put the three queues (mailscanner, inbound postfix, outbound postfix) on the same partition/filesystem. This is a MUST. mailscanner simply relinks the files into/out of work areas, this is fast, and atomic, assuming it's on the same filesystem. Otherwise if it's not the same filesystem you have to copy to/from staging areas to achieve the atomicity. MailScanner catches about 30% more 'dangerous content' and virii than amavisd-new given the same virus scanner because MS seems to unpack more thoroughly/properly. MS supports/integrates the update system of all the virus scanners it supports negating the need to run a separate update cronjob all the time. MS supports throttles, amavisd does not, and so MS will be much nicer to an overloaded/very briskly loaded system than amavisd. amvisd requires copying the message multiple times, MS reduces this by using the link/unlink method that all mailservers use nowadays internally to their queues. MS does require running two separate copies of postfix, that amavisd does not. There's a point for amavis. amavis eliminates unnecesary code from the resultant script at ./configure time, MailScanner doesn't. That said though MailScanner seems to work faster on my system. Not sure how much else to go on about this. -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting
Re: replacing sanitizer w/ amavisd-new
Might I suggest MailScanner? For me it's been MUCH more reliable and flexible. In fact I'm gearing up to replace amavisd-new with MailScanner at work. We've run into some bugs with the latest version (4.24 specifically), but the verison I'm using on FreeBSD 4.22.5 is solid, and the version in debian stable 3.13.2 should also be very solid. It works with a slew of AV scanners,a nd integrating with one it doesn't support natively is simple as editing a few files. The thing has about 1000 some odd settings though so it can be daunting to set up. --On Saturday, January 10, 2004 15:12 -0500 Dan MacNeil <[EMAIL PROTECTED]> wrote: Right now we use sanitizer (stable package) to call a virus scanner and to strip script,img, style, etc tags We're thinking of switching to amavisd-new (unstable) and clamav (testing) because while sanitizer strips out the virus, it still passes the junk message through. We'd like to be able to drop virus infected messages to the floor. Another (very minor) consideration is that sanitizer is not a daemon and pays a speed penalty every time it is launched. The problem I see looking at the docs is that amavisd-new doesn't strip out potentially evil html. The direction, we're drifting is to run sanitizer after amavisd-new. (I think postfix can run filters in sequence) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting
Re: Postfix-mysql-procmail
This one time, at band camp, Russell Coker said: > Another option is to receive the entire message, accept it for delivery but > instead of a 25x give a 55x code with a message saying "this message was > delivered, but please note that the account holder is on vacation". > > These methods should allow the vacation message to reliably go only to the > originator of the message (or to no-one if it's a spam). However they do > require that a new proxy program be written to receive the mail as no > existing software (AFAIK) is capable of doing it. I think you can do something like this with /etc/aliases, although I am no expert. exim uses a real-$local_part in the standard configuration to bypass aliasing, so an entry could be added like: testuser: real-testuser, :fail: On vacation Just tested and this is what I see: 2004-01-10 22:44:23 1AfWWV-dZ-Mc <= [EMAIL PROTECTED] U=steve P=local S=313 I send the message with mail 2004-01-10 22:44:23 1AfWWV-dZ-Mc ** [EMAIL PROTECTED] R=system_aliases: It generates an error 2004-01-10 22:44:23 1AfWWV-dZ-Mc => testuser <[EMAIL PROTECTED]> R=real_local T=maildir_home And then gets really deliverd to testuse 2004-01-10 22:44:23 1AfWWV-dc-Rh <= <> R=1AfWWV-dZ-Mc U=Debian-exim P=local S=1102 2004-01-10 22:44:23 1AfWWV-dZ-Mc Completed 2004-01-10 22:44:24 1AfWWV-dc-Rh => steve <[EMAIL PROTECTED]> R=procmail T=procmail_pipe 2004-01-10 22:44:24 1AfWWV-dc-Rh Completed And the bounce goes to me with the text noted. I don't know what your MTA allows, but this works here. HTH, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgpOKeLhaeWsS.pgp Description: PGP signature
Re: replacing sanitizer w/ amavisd-new
Thanks for your reply. > Might I suggest MailScanner? You might, some specific problems with amavisd-new that aren't present in MailScanner might be even more helpful. At: http://www.geocities.com/scottlhenderson/spamfilter.html they say: # mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. # On Sat, 10 Jan 2004, Michael Loftis wrote: > Might I suggest MailScanner? For me it's been MUCH more reliable and > flexible. In fact I'm gearing up to replace amavisd-new with MailScanner > at work. We've run into some bugs with the latest version (4.24 > specifically), but the verison I'm using on FreeBSD 4.22.5 is solid, and > the version in debian stable 3.13.2 should also be very solid. > > It works with a slew of AV scanners,a nd integrating with one it doesn't > support natively is simple as editing a few files. The thing has about > 1000 some odd settings though so it can be daunting to set up. > > --On Saturday, January 10, 2004 15:12 -0500 Dan MacNeil > <[EMAIL PROTECTED]> wrote: > > > > > Right now we use sanitizer (stable package) to call a virus scanner and to > > strip script,img, style, etc tags > > > > We're thinking of switching to amavisd-new (unstable) and clamav (testing) > > because while sanitizer strips out the virus, it still passes the junk > > message through. We'd like to be able to drop virus infected messages to > > the floor. Another (very minor) consideration is that sanitizer is not a > > daemon and pays a speed penalty every time it is launched. > > > > The problem I see looking at the docs is that amavisd-new doesn't strip > > out potentially evil html. > > > > The direction, we're drifting is to run sanitizer after amavisd-new. (I > > think postfix can run filters in sequence) > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > > > > -- > Michael Loftis > Modwest Sr. Systems Administrator > Powerful, Affordable Web Hosting > > >
