Thread: Blacklist / Whitelist problem




Blacklist / Whitelist problem
United States
2008-01-16 09:29:34
We have been using Maia 1.0.2 for some time now with great success -- over 99.9% effectiveness.

I have only two outstanding issues -

WHITELIST ISSUE - We have spam coming in with a "from" domain as our own...

e.g. sdfkjhfast-serv.com -> adminfast-serv.com.

This spam bypasses the filters as we have whitelisted *fast-serv.com.  Why did we whitelist our own domain? We have 100's of dedicated servers that email status updates to adminfast-serv.com and we can't risk missing one.

e.g. servernamefast-serv.com -> adminfast-serv.com

Since all of our servers reside on known, trusted IP blocks, would it be possible to whitelist *fast-serv.com ONLY if originating from trusted IP blocks?  This would get rid of the "outside" spam...

BLACKLIST ISSUE

We have a looping issue between a particular MTA and our helpdesk.  I have attempted to block the sender via blacklist

*smtp.global-usa.com
*global-usa.com
postmastersmtp.global-usa.com

However the looping continues and we get 1000's of messages in the non-spam folder every day.  Here's a header of the incoming message we cannot seem to stop.  Why is the blacklist not catching it?

Received: from smtp.global-usa.com (mail.global-usa.com [64.115.227.91])
	by mailguard.ash01.fast-serv.com (Postfix) with ESMTP id 7564688009B
	for <helpdeskfast-serv.com>; Wed, 16 Jan 2008 07:14:03 -0800 (PST)
Date:     Wed, 16 Jan 2008 10:14:27 -0500
Message-Id: <10801161014.AA18368757smtp.global-usa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From:     "Postmaster" <postmastersmtp.global-usa.com>
Sender:   <postmastersmtp.global-usa.com>
To:       <helpdeskfast-serv.com>
Subject:  Undeliverable Mail
X-Mailer: <SMTP32 v8.05>

-- 
Randy McAnally
Fast Serv Networks, LLC
office: 619-819-8252 x201 
fax: 619-819-9443


---------- Original Message -----------
From: maia-users-requestrenaissoft.com
To: maia-usersrenaissoft.com
Sent: Sat, 12 Jan 2008 12:00:02 -0800
Subject: Maia-users Digest, Vol 52, Issue 18

> Today's Topics:
> 
>    1. Re: Request for Enhancement: Time Zone Setting (David Morton)
>    2. Re: Request for Enhancement: Sorting Users in "Users Found"
>       (xadminusers.php) screen (David Morton)
>    3. Re: Request for Enhancement: Time Zone Setting (Brian McCullough)
>    4. Re: Request for Enhancement: Time Zone Setting (David Morton)
>    5. amavis & maia (Alexandre Ghisoli)
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 11 Jan 2008 13:59:32 -0600
> From: David Morton <mortondadgrmm.net>
> Subject: Re: [Maia-users] Request for Enhancement: Time Zone Setting
> To: rcsheetspicosecond.org (Robert C. Sheets)
> Cc: maia-usersrenaissoft.com
> Message-ID: <E28FAA46-FF10-4058-BD81-33FB14BB647Fdgrmm.net>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> 
> On Jan 11, 2008, at 1:34 PM, Robert C. Sheets wrote:
> 
> > On Fri, Jan 11, 2008 at 02:12:33PM -0500, Chris Paul wrote:
> >> This would specify an offset from the mail
> >> servers timezone which users could set to have their quarantine
> >> display mail items with the local time.
> >
> > I like your idea in general, but I think the offset should be from
> > UTC, ignoring the time zone the server happens to be in. The user knows
> > what time zone they're in and they really shouldn't have to care where the
> > server is.
> 
> Isn't the local server timezone available in an environment
> variable?   It should be possible to use that and the timezone
> selected to  calculate the right time.
> 
> The real question I have is one of performance: when do we make the
> adjustment?  If we make it before being stored in the database, it
> might have ramifications for other processes.  If we make the
> adjustment on every view, it could slow down the view. OTOH, it is
> stored in a datetime in sql, so it should be a very simple sql
> adjustment.
> 
> It looks like mysql has support:
> 
> http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_convert-tz
> 
> And it appears, postgresql:
> 
> http://www.postgresql.org/docs/8.0/static/functions-datetime.html#FUNCTIONS-DATETIME-ZONECONVERT
> 
> David Morton
> Maia Mailguard http://www.maiamailguard.com
> mortondadgrmm.net
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 11 Jan 2008 15:22:23 -0600
> From: David Morton <mortondadgrmm.net>
> Subject: Re: [Maia-users] Request for Enhancement: Sorting Users in
> 	"Users Found" (xadminusers.php) screen
> To: Chris Paul <chris.paulsentinare.com>
> Cc: maia-usersrenaissoft.com
> Message-ID: <6A22BF8F-2CB2-4765-9759-1C756ECD52F9dgrmm.net>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> 
> On Jan 11, 2008, at 1:16 PM, Chris Paul wrote:
> 
> > Another request:
> >
> > Currently if an administrator has the ability to administer multiple
> > domains and does a search on "*" users, the resulting display sorts
> > by domain first, then user. I would like to request that this sort
> > by user, and ignore domain.
> >
> 
> ready for testing:
> 
> http://www.maiamailguard.org/maia/changeset/1205
> 
> David Morton
> Maia Mailguard http://www.maiamailguard.com
> mortondadgrmm.net
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 11 Jan 2008 18:12:17 -0500
> From: Brian McCullough <bdmcbdmcc-us.com>
> Subject: Re: [Maia-users] Request for Enhancement: Time Zone Setting
> To: David Morton <mortondadgrmm.net>
> Cc: maia-usersrenaissoft.com
> Message-ID: <20080111231217.GA4681bdmcc-us.com>
> Content-Type: text/plain; charset=us-ascii
> 
> On Fri, Jan 11, 2008 at 01:59:32PM -0600, David Morton wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > 
> > On Jan 11, 2008, at 1:34 PM, Robert C. Sheets wrote:
> > 
> > > On Fri, Jan 11, 2008 at 02:12:33PM -0500, Chris Paul wrote:
> > >
> > > I like your idea in general, but I think the offset should be from
> > > UTC, ignoring the time zone the server happens to be in. The user knows
> > > what time zone they're in and they really shouldn't have to care where the
> > > server is.
> > 
> > The real question I have is one of performance: when do we make the
> > adjustment?  If we make it before being stored in the database, it
> > might have ramifications for other processes.  If we make the
> > adjustment on every view, it could slow down the view. OTOH, it is
> > stored in a datetime in sql, so it should be a very simple sql
> > adjustment.
> 
> I lean toward the "everything in UTC" camp.  If every bit of data is
> stored in the database in UTC, then there is a very standard and
> well-known ( well-defined ) adjustment that happens when that data is
> displayed in any manner.  This is "normal Unix" behaviour.  It's only
> that "other" OS ( or OS-equivalent ) that seems to think that computers
> should be set to Local Time.
> 
> Calculations ( differences, etc. ) are easy with a predictable
> "base" of operations.  There are standard routines available for converting
> whatever is in the mail message into UTC.
> 
> Brian
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 11 Jan 2008 17:54:54 -0600
> From: David Morton <mortondadgrmm.net>
> Subject: Re: [Maia-users] Request for Enhancement: Time Zone Setting
> To: Brian McCullough <bdmcbdmcc-us.com>
> Cc: maia-usersrenaissoft.com
> Message-ID: <38A356D4-3AB3-48B0-9A9C-DCBA1760A4D8dgrmm.net>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> 
> On Jan 11, 2008, at 5:12 PM, Brian McCullough wrote:
> >
> > Calculations ( differences, etc. ) are easy with a predictable
> > "base" of operations.  There are standard routines available for converting
> > whatever is in the mail message into UTC.
> 
> If I'm reading the docs right on the postgresql docs, it will make
> the adjustment no matter how the clock is set.
> 
> I think we should be able to handle both situations.
> 
> David Morton
> Maia Mailguard http://www.maiamailguard.com
> mortondadgrmm.net
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Sat, 12 Jan 2008 19:20:53 +0100
> From: Alexandre Ghisoli <alexandre.ghisoliycom.ch>
> Subject: [Maia-users] amavis & maia
> To: logwatch-patcheslogwatch.org, maia-usersrenaissoft.com
> Message-ID: <1200162053.5841.7.camelnb05-x40>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hi,
> 
> Here is a patch to avoid a lot of unparsed entries when an email gateway
> is using maia ( http://www.maiamailguard.com ).
> 
> Maia is adding this line in logs :
> Jan  7 11:02:04 mx1 amavis[944]: (00944-09) SPAM, <senderintellicast.com> -> <feedbackxxx.ch>, Yes, hits=11.327 tag=3 tag2=5 kill=5 tests=BAYES_99=3.5, DOS_OE_TO_MX=2.75, FORGED_MUA_OUTLOOK=3.116, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, quarantine spam-5958880 (maia-spam-quarantine)
> 
> That line is not needed, as logwatch reports amavis logs. I'm not
> sure it's required to report both amavis and maia spam event
> (quarantine or not).
> 
> regards
> 
> --Alexandre
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: logwatch-amavis-maia.patch
> Type: text/x-patch
> Size: 449 bytes
> Desc: not available
> Url : http://www.renaissoft.com/pipermail/maia-users/attachments/20080112/fe9b9b13/attachment-0001.bin
> 
> ------------------------------
> 
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
> 
> End of Maia-users Digest, Vol 52, Issue 18
> ******************************************
------- End of Original Message -------


Re: Blacklist / Whitelist problem
United States
2008-01-16 10:48:17
On Jan 16, 2008, at 9:29 AM, Randy McAnally wrote:

>
> Since all of our servers reside on known, trusted IP blocks, would
> it be possible to whitelist *fast-serv.com ONLY if originating from
> trusted IP blocks?  This would get rid of the "outside" spam...
>

With a little help from postfix, yes.  Here's a sample from my own config, I use this to tag sasl messages, but it also tags local senders too. (omitting unnecessary restrictions with "...")

main.cf:
smtpd_recipient_restrictions = ...,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination, ...,
    check_client_access pcre:/etc/postfix/helo_add_auth_header.regexp

helo_add_auth_header.regexp:
/.*/ PREPEND X-SMTP-Auth: not_on_dgrmm


and then in /etc/mail/spamassassin/local.cf:

header __NO_SMTP_AUTH X-SMTP-Auth =~ /not_on_dgrmm/
meta SMTP_AUTH ( __NO_SMTP_AUTH < 1 )
describe SMTP_AUTH Message sent using SMTP Authentication
tflags SMTP_AUTH nice
score SMTP_AUTH -5


Instead of SMTP_AUTH, you are testing for local use, but it should behave the same way, maybe this would be more clear:

header __NOT_LOCAL_SEND X-SMTP-Auth =~ /not_on_dgrmm/
meta LOCAL_SEND ( __NOT_LOCAL_SEND < 1 )
describe LOCAL_SEND Message sent via local trusted machine.
tflags LOCAL_SEND nice
score LOCAL_SEND -5


Oh.  trusted...   make sure you have your trusted networks set up right. That alone may work to fix this.
http://wiki.apache.org/spamassassin/TrustPath


> BLACKLIST ISSUE
>
> We have a looping issue between a particular MTA and our helpdesk.
> I have attempted to block the sender via blacklist
>
> However the looping continues and we get 1000's of messages in the
> non-spam folder every day.  Here's a header of the incoming message we cannot
> seem to stop.  Why is the blacklist not catching it?
>
> Received: from smtp.global-usa.com (mail.global-usa.com [64.115.227.91])
> 	by mailguard.ash01.fast-serv.com (Postfix) with ESMTP id 7564688009B
> 	for <helpdeskfast-serv.com>; Wed, 16 Jan 2008 07:14:03 -0800 (PST)
> Date:     Wed, 16 Jan 2008 10:14:27 -0500
> Message-Id: <10801161014.AA18368757smtp.global-usa.com>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> From:     "Postmaster" <postmastersmtp.global-usa.com>
> Sender:   <postmastersmtp.global-usa.com>
> To:       <helpdeskfast-serv.com>
> Subject:  Undeliverable Mail
> X-Mailer: <SMTP32 v8.05>

If those are all the headers, it appears that the MTA is delivering to your *downstream* MTA, and bypassing Maia altogether.



David Morton
Maia Mailguard http://www.maiamailguard.com
mortondadgrmm.net
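
The following is an added Python model of the tagging scheme in the reply above, not code from the post or from Maia. It shows why marking non-local mail (rather than marking local mail) means an outside sender with a forged fast-serv.com From address cannot earn the -5 score, even when it supplies its own X-SMTP-Auth header. The trusted block 192.0.2.0/24, the sample messages and the function names are assumptions for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: a documentation address range stands in for the
# trusted blocks; the marker header and value are the ones used in the post.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
MARKER, MARKER_VALUE = "X-SMTP-Auth", "not_on_dgrmm"
OWN_DOMAIN = "fast-serv.com"

def postfix_stage(client_ip: str, raw: str) -> str:
    """permit_mynetworks ends evaluation for trusted clients, so only the
    remaining clients reach the catch-all /.*/ PREPEND rule."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return raw
    return f"{MARKER}: {MARKER_VALUE}\n{raw}"

def spamassassin_stage(raw: str) -> dict:
    """__NOT_LOCAL_SEND hits when any marker header matches; the meta rule
    LOCAL_SEND (score -5) fires only when it does not hit."""
    msg = message_from_string(raw)
    not_local = any(MARKER_VALUE in v for v in msg.get_all(MARKER, []))
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "claims_own_domain": sender.endswith("@" + OWN_DOMAIN),
        "score": 0.0 if not_local else -5.0,
    }

def evaluate(client_ip: str, raw: str) -> dict:
    """Run a message through both modelled stages in delivery order."""
    return spamassassin_stage(postfix_stage(client_ip, raw))

# Constructed sample messages (not taken from the thread).
STATUS = "From: servername@fast-serv.com\nTo: admin@fast-serv.com\nSubject: status\n\nok\n"
FORGED = "From: sdfkjh@fast-serv.com\nTo: admin@fast-serv.com\nSubject: offer\n\nbuy\n"
# Outside sender adds its own marker header with a different value.
SPOOFED_MARKER = "X-SMTP-Auth: local\n" + FORGED

if __name__ == "__main__":
    for label, ip, raw in [("inside server", "192.0.2.10", STATUS),
                           ("outside, forged From", "203.0.113.5", FORGED),
                           ("outside, own marker", "203.0.113.5", SPOOFED_MARKER)]:
        print(label, evaluate(ip, raw))
```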


