amavis – better and worse

Amavis is a mail filter with a lot of bolt-ons. I ran it for a long time in the past with multiple instances* and then dropped it on account of it not working on SpamAssassin and because it was honestly not working well enough to justify it, so it got tossed after a suse/fedora or debian big upgrade which made the plumbing easier.

After a few rogue entries from spoofed amex came through (my blog), at which point I also re-enabled text filters, I decided to try again with amavis at a later date, although outbound use is not going to be considered, as that entails messing with init scripts and lots of testing. Outbound scanning is a pain.

For gold stars, newer amavis gets a well done for updating SpamAssassin as part of the daemon, rather than a vague update at a console. It's more usable, so additional stars too for handling /var/lib/amavis/tmp better.

Its install into postfix was horrid, and it would have ‘helped’ if an ACL for networks was at least commented in the amavis conf files, since amavis is a dog's dinner of perl and its error messages are a little cryptic even by the standards I tolerate.

Reverting to old-style amavis syntax rather than the @dumb_shite => (cow money chicken [::1]); nearly restored my sanity, until amavis’s hate of multihomed systems** came to be known.

Virus scanning fell over when $myhome was again referenced and not set, so after setting directories and permissions and adding the scanner to the amavis group it seems to be doing something.

Cleaning out virusmails [spam, bad headers and viruses] is a shell script that looks something along the lines of:

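# report how many quarantined files there are, then list them
echo "viruses"
ls -l -R /var/amavis/virusmails/*/ban* | wc -l
ls -l -R /var/amavis/virusmails/*/ban*
# remove every matching quarantined file
echo "delete viruses"
find /var/amavis/virusmails/*/ban* -exec rm {} \;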

The duplicate lines report quantity and location, while the last line searches and deletes.
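The script above removes every match straight away. As an added example (not the author's script), this variant counts first, touches only regular files older than a cut-off, and deletes only when asked; the function name, the age cut-off and the report-only default are assumptions.

```shell
#!/bin/sh
# Added example: report and prune amavis quarantine files by category.
# Assumptions (not from the original post): the prune_quarantine name, the
# age cut-off and the report-only default. The layout ROOT/<subdir>/PREFIX*
# follows the post's /var/amavis/virusmails/*/ban* pattern.

# prune_quarantine ROOT PREFIX DAYS [delete]
# Prints the number of matching regular files older than DAYS days and
# removes them only when the fourth argument is "delete".
prune_quarantine() {
    root=$1 prefix=$2 days=$3 mode=${4:-report}

    # Refuse a missing or empty root so a typo cannot turn into a find
    # over the current directory.
    [ -n "$root" ] && [ -d "$root" ] || { echo "no such dir: $root" >&2; return 2; }

    # -mindepth/-maxdepth 2 matches ROOT/*/PREFIX* only; -type f skips
    # directories and symlinks; -mtime +N keeps recent mail for review.
    count=$(find "$root" -mindepth 2 -maxdepth 2 -type f \
                 -name "${prefix}*" -mtime +"$days" | wc -l)
    count=$((count))   # strip the padding some wc implementations add

    if [ "$mode" = delete ] && [ "$count" -gt 0 ]; then
        find "$root" -mindepth 2 -maxdepth 2 -type f \
             -name "${prefix}*" -mtime +"$days" -exec rm -f -- {} +
    fi
    echo "$count"
}
```

Calling `prune_quarantine /var/amavis/virusmails ban 7` only reports; adding `delete` as the fourth argument removes the files it counted.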

Amavis is no walk in the park; I can always dump it if it does not perform or the ‘fashion’ of sending viruses drops off as it has before. It's working and, while a little unworldly to maintain, seems worth the time and effort. Although running one instance is much nicer than four.

* for dkim outbound signing (my blog)

** two or more network interfaces – one of which is not a wifi interface
