Re: [AMaViS-user] how to pernamently delete spam messages with spam level over 12?
Gary Buckmaster
> The message was marked as a spam by spamassassin and quarantined by
> amavis in quarantined folder (/var/virusmails). Then manually I have
> find out, that it was "false positive". How can I simply deliver this
> mail to it's receipent? Do I need to create a new message and send a
> "false postive" mail as a attachement? Is there any way to automate
> this process?
This has been covered extensively on this list. Search the archives
for a thread about re-injecting quarantined messages.
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaVi...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Sizar
I have two questions, that I couldn't find answer in Amavis
documentation, FAQ and this group.=20
First one:
How to configure amavis (with spamassassin) to pernamently delete all
spam messages that has spam level over for example 12?
Second one:
The message was marked as a spam by spamassassin and quarantined by
amavis in quarantined folder (/var/virusmails). Then manually I have
find out, that it was "false positive". How can I simply deliver this
mail to it's receipent? Do I need to create a new message and send a
"false postive" mail as a attachement? Is there any way to automate
this process?
Ps. Sorry for my english :)
Sizar
Daniel Luttermann
> Hi,
> I have two questions, that I couldn't find answer in Amavis
> documentation, FAQ and this group.
> First one:
> How to configure amavis (with spamassassin) to pernamently delete all
> spam messages that has spam level over for example 12?
The easiest way is to configure these settings in amavisd.conf:
$final_spam_destiny = D_DISCARD; (no bounces, no delivery)
$sa_kill_level_deflt = 12.0; (or higher, if you you delete messages)
$spam_quarantine_to = ''; (standard setting is "local quarantine)
> Second one:
> The message was marked as a spam by spamassassin and quarantined by
> amavis in quarantined folder (/var/virusmails). Then manually I have
> find out, that it was "false positive". How can I simply deliver this
> mail to it's receipent? Do I need to create a new message and send a
> "false postive" mail as a attachement? Is there any way to automate
> this process?
I think a quick solution is to work with mini sendmail. See
http://marc.theaimsgroup.com/?l=amavis-user&m=109692870917403&w=2
in the same discussion you'll find a little perl script.
http://marc.theaimsgroup.com/?l=amavis-user&m=109693215716537&w=2
--
Best Regards
Daniel Luttermann
ama...@mikecappella.com
Sure, no problem. Here are some the bash items I use. Place in your
.bashrc.
---
# bashrc stuff
# bash auto-complete for listing or cycling through spam on cmd line
# requires menu-complete binding in .inputrc or bind cmd in .bashrc
# set show-all-if-ambiguous On
# "\M-i": menu-complete
# "\C-i": complete
complete -o filenames -G '/var/spool/amavis/quarantine/spam-*' see
# requeues mail incorrectly classified as SPAM ; run ham first
function requeue {
if [ $# -ne 2 ] ; then
echo 'Usage: requeue <username> <message>'
return 1
fi
file=`basename "$2" .gz`
if [ $file = "$2" ] ; then
prog=cat; args=
else
prog=gzip; args="-dc"
file=$2
fi
( cd /var/spool/amavis/quarantine ;
$prog $args "$file" | /usr/local/bin/smtpclient --with-headers -S
localhost -P 10025 "$1" ;
mv "$file" /var/spool/amavis/quarantine/delivered/
)
}
# Examine a spam message
function see {
[ -z "$1" ] && return 1
( cd /var/spool/amavis/quarantine && gzip -dc "$1" | less -cs -p
'^Subject|^To:|^From:' )
}
# report a message as spam
function spam {
[ -z "$1" ] && return 1
gzip -dc "$1" | (sudo -H -u amavis spamassassin --report ) && rm -i "$1"
}
# ham'ify a message already auto-learned as spam
function ham {
[ -z "$1" ] && return 1
gzip -dc "$1" | (sudo -H -u amavis sa-learn --ham --no-sync )
}
# sync the database
function sa-sync {
sudo -H -u amavis sa-learn --sync --force-expire
}
# Report Spam, and save to Archive directory (must exist) for a while,
# just in case. Clear out periodically via cron
function spamclean {
pushd /var/spool/amavis/quarantine/Spam
for i in *.gz ; do
echo $i;
gzip -d "$i"
done
sudo -H -u amavis spamassassin --report .
status=$?
echo Status: $status
sleep 7
[ $status -eq 0 ] && mv spam-* ../Archive
popd
}
# Ask razor if a message has been reported as Spam already
function check {
( cd /var/spool/amavis/quarantine && gzip -dc "$1" | sudo -H -u amavis
razor-check -d )
}
-----Original Message-----
From: Sizar [mailto:siz...@poczta.wp.pl]
Sent: Tuesday, January 25, 2005 12:20 PM
To: ama...@mikecappella.com
Subject: Re: [AMaViS-user] how to pernamently delete spam messages with spam
level over 12?
Great job Mike!
This is exactly what I was looking for!
Could you be so kind and place other scripts you are talking about on this
mailing group?
Regards,
Sizar
> Hello Sizar,
> I asked a similar question about adding a feature to amavisd-new to
> auto-delete spam above a certain threshold, but retain anything below
> in the quarantine area. There was a patch for an older version, but
> it has not been updated.
> Instead, I wrote a perl script to do what you are looking for. The
> firsrt script is checkspam, the other, checkspam-prep, works with it.
> checkspam-prep moves spam above a threshold score from the quarantine
> area into a sub-directory in the quarantine area called Spam. The
> checkspam script first calls checkspam-prep to preprocess the junk I
> trust to be spam, then cycles through the remaining quarantined
> messages allowing you to view and dispose each either into the Spam
> directory or a Ham directory. Below are the scripts I wrote. I have
> a couple of other utilities (spamclean, ham, spam) that are used to
> manage the Spam and Ham directories (to report and clean the Spam
directory, and then requeue items in the Ham directory.
> With these, I can breeze through the Spam.
> Regards,
> Mike
> #!/usr/local/bin/perl -w
> #
> # checkspam-prep
> #
> # Move SPAM message w/score over certain threshold directly to Spam
> area # to be reported as SPAM. Spam directory must exist w/in quarantined
area.
> #
> # X-Spam-Status: Yes, hits=15.911 tag=2 tag2=6.31 kill=6.31
> tests=BAYES_99, #
> use warnings;
> use strict;
> use Compress::Zlib ;
> my $killlevel = 15.0;
> my $quarantineDir = "/var/spool/amavis/quarantine"; #my $quarantineDir
> = "/tmp/quarantine"; my $spamDir = $quarantineDir . "/Spam"; my
> $pattern = '^X-Spam-Status: Yes, hits=(\d+\.\d+)\s+.*$'; my $line; my
> $file; my $debug = 0; my $killed = 0; my $nfiles = 0;
> chdir $quarantineDir or die "Unable to chdir $quarantineDir\n";
> # move message to new maildir change to mv after testing foreach $file
> (glob "spam*") {
> my $hits;
> $nfiles++;
> printf "File(%d): %s\n", $nfiles, $file if $debug;
> my $gz = gzopen($file, "rb") or die "Cannot open $file:
> $gzerrno\n" ;
> while ($gz->gzreadline($_) > 0) {
> $line = $hits = $_;
> if ($hits =~ s/$pattern/$1/s ) {
> printf "Line: '%s'\n", $line if $debug;
> printf ("Hits: '%s'\t : ", $hits) if $debug;
> if ($hits >= $killlevel) {
> printf ("Killed\n") if $debug;
> rename ($file, "$spamDir/$file") or die "Unable to
> move $file in to $spamDir\n" ;
> $killed++
> }
> else {
> printf ("Ignored\n") if $debug;
> }
> }
> }
> die "Error reading from $file: $gzerrno\n" if $gzerrno !=
> Z_STREAM_END ;
> $gz->gzclose() ;
> }
> printf "Moved %d of %d messages\n", $killed, $nfiles;
> 0;
> ----
> #!/bin/bash
> #
> # checkspam - runs pager on each quaraintined message, to # move
> message into Spam or Ham folder.
> #
> # Spam and Ham directories must exist w/in quarantined area.
> #
> if [ `id -u` != 0 ] ; then
> echo 'Permission denied'
> exit 1
> fi
> cd /var/spool/amavis/quarantine || exit 1
> spamcount=`ls -1 | grep '^spam-' | wc -l`
> if [ $spamcount == 0 ] ; then
> echo "No Spam!"
> exit 0
> fi
> echo "Number of messages : $spamcount"
> checkspam-prep
> sleep 2
> for i in spam-*.gz ; do
> echo $i
> sleep 1
> gzip -dc $i | less -cs
> +'/^K^Subject:|^To:|^From:|hits=[0-9][0-9]*\.[0-9][0-9]*'
> echo -n '(S)pam, (H)am, or Q(uit)? '
> read x
> case $x in
> s|S) mv $i Spam/$i ;;
> h|H) mv $i Ham/$i ;;
> q|Q) exit 0 ;;
> *);;
> esac
> done
> -----Original Message-----
> From: amavis-u...@lists.sourceforge.net
> [mailto:amavis-u...@lists.sourceforge.net] On Behalf Of Sizar
> Sent: Tuesday, January 25, 2005 5:30 AM
> To: amavi...@lists.sourceforge.net
> Subject: [AMaViS-user] how to pernamently delete spam messages with
> spam level over 12?
> Hi,
> I have two questions, that I couldn't find answer in Amavis
> documentation, FAQ and this group.
> First one:
> How to configure amavis (with spamassassin) to pernamently delete all
> spam messages that has spam level over for example 12?
> Second one:
> The message was marked as a spam by spamassassin and quarantined by
> amavis in quarantined folder (/var/virusmails). Then manually I have
> find out, that it was "false positive". How can I simply deliver this
> mail to it's receipent? Do I need to create a new message and send a
> "false postive" mail as a attachement? Is there any way to automate this
process?
> Ps. Sorry for my english :)
> Sizar
> -------------------------------------------------------
Mark Martinec
> How to configure amavis (with spamassassin) to pernamently delete all
> spam messages that has spam level over for example 12?
$sa_kill_level_deflt = 12;
To prevent backscatter (DSN to senders), either turn it off completely:
$final_spam_destiny = D_DISCARD;
or more selectively:
$final_spam_destiny = D_BOUNCE;
$sa_dsn_cutoff_level = 15;
To turn off spam quarantine:
$spam_quarantine_to = undef;
> Second one:
> The message was marked as a spam by spamassassin and quarantined by
> amavis in quarantined folder (/var/virusmails). Then manually I have
> find out, that it was "false positive". How can I simply deliver this
> mail to it's receipent? Do I need to create a new message and send a
> "false postive" mail as a attachement? Is there any way to automate
> this process?
As Gary pointed out, this comes around every now and then.
For an occasional release, the simplest is:
sendmail -i -f sender@domain recip1 recip2 ... < message.txt
...provided you have content_filter option disabled for your Postfix
'pickup' service. Or use mini_sendmail and feed message to port 10025.
To automate the procedure, you need some contributed/related sw,
see links at the amavisd-new web page.
Mark
ama...@mikecappella.com
I think what Sizar, myself, and others have requested, is an additional
level of action when quarantine is defined and in affect. For example:
Score Action
0.0 to 4.9 normal delivery
5.0 to 6.30 tag and deliver
6.31 to 11.99 tag and quarantine to disk (or other)
12.0 and up delete (no tag, no dsn, no quarantine)
Perhaps I've misunderstood amavisd-new, but such a setup seems useful for an
entirely admin-controlled anti-spam situation. It seems reasonable to
quarantine (for review and final disposition) potential spam (eg. 6.31 to
11.99), and to completely discard blatant spam (eg. above 12). It seems
this request/question has appeared on the list periodically, but is
generally answered such that quarantining is disabled completely, and the
kill level raise much higher (thus passing more spam).
Does this make sense?
-Mike
-----Original Message-----
From: amavis-u...@lists.sourceforge.net
[mailto:amavis-u...@lists.sourceforge.net] On Behalf Of Mark Martinec
Sent: Tuesday, January 25, 2005 3:43 PM
To: amavi...@lists.sourceforge.net
Subject: Re: [AMaViS-user] how to pernamently delete spam messages with spam
level over 12?
Gary Verchick
>> I think what Sizar, myself, and others have requested, is an additional
>> level of action when quarantine is defined and in affect. For example:
>> Score Action
>> 0.0 to 4.9 normal delivery
>> 5.0 to 6.30 tag and deliver
>> 6.31 to 11.99 tag and quarantine to disk (or other)
>> 12.0 and up delete (no tag, no dsn, no quarantine)
>> -Mike
> I use the hack listed here to do just that:
> http://www200.pair.com/mecham/spam/amavisd-hack.txt
> It may not be appropriate for some configurations so it
> requires testing. Use at your own risk. I use it, and it
> works great for me. Count me in with the list of
> people who would like to see a $sa_quarantine_cutoff_level
> integrated into the system. I think the default should
> be 9999.000 and the sanity limit of 12.000, so anything
> set lower would not catch people by surprise.
Of course, then people would request the ability to do
per-domain and per-user configuration, so it is understood
that this task would not be trivial.
Gary Verchick
Tuesday, January 25, 2005, 10:42:04 PM, you wrote:
> Hi Mark,
> I think what Sizar, myself, and others have requested, is an additional
> level of action when quarantine is defined and in affect. For example:
> Score Action
> 0.0 to 4.9 normal delivery
> 5.0 to 6.30 tag and deliver
> 6.31 to 11.99 tag and quarantine to disk (or other)
> 12.0 and up delete (no tag, no dsn, no quarantine)
> Perhaps I've misunderstood amavisd-new, but such a setup seems useful for an
> entirely admin-controlled anti-spam situation. It seems reasonable to
> quarantine (for review and final disposition) potential spam (eg. 6.31 to
> 11.99), and to completely discard blatant spam (eg. above 12). It seems
> this request/question has appeared on the list periodically, but is
> generally answered such that quarantining is disabled completely, and the
> kill level raise much higher (thus passing more spam).
> Does this make sense?
> -Mike
I use the hack listed here to do just that:
http://www200.pair.com/mecham/spam/amavisd-hack.txt
It may not be appropriate for some configurations so it
requires testing. Use at your own risk. I use it, and it
works great for me. Count me in with the list of
people who would like to see a $sa_quarantine_cutoff_level
integrated into the system. I think the default should
be 9999.000 and the sanity limit of 12.000, so anything
set lower would not catch people by surprise.
-------------------------------------------------------
Mark Martinec
> Count me in with the list of
> people who would like to see a $sa_quarantine_cutoff_level
> integrated into the system. I think the default should
> be 9999.000 and the sanity limit of 12.000, so anything
> set lower would not catch people by surprise.
A by-recipient @spam_quarantine_cutoff_level_maps
will be in the next release. A built-in default will
be undef (i.e. mechanism not used), so it will all depend
on what one places in the amavisd.conf file.
Mark