spamfilter20061118 Changelog
01 FEB 2009
New virus_name_to_spam_score_maps (included with amavisd-new 2.6.2) for use with amavisd-new 2.5.2 - 2.6.1
@virus_name_to_spam_score_maps =
(new_RE( # the order matters!
[ qr'^Phishing\.' => 0.1 ],
[ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 0.1 ],
[ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected
[ qr'^Sanesecurity(\.[^., ]*)*\.' => 0.1 ],
[ qr'^Sanesecurity_PhishBar_' => 0 ],
[ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ],
[ qr'^(MSRBL-Images\b|MSRBL-SPAM\.)' => 0.1 ],
[ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ],
[ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected
[ qr'^MBL_' => undef ], # keep as infected
));
# Sanesecurity http://www.sanesecurity.co.uk/
# MSRBL- http://www.msrbl.com/site/contact
# MBL http://www.malware.com.br/index.shtml
# -SecuriteInfo.com http://clamav.securiteinfo.com/malwares.html
Please read: http://www.freespamfilter.org/forum/viewtopic.php?f=14&t=1205
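The ordering rule behind the "the order matters!" comment in the map above, as an added Perl example (not amavisd-new's own code and not from this page's author). It assumes first-match-wins lookup, with undef meaning the name stays a virus hit; the signature names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Subset of the map above, in the same order, as [regex, score] pairs.
my @map = (
  [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],  # keep as infected
  [ qr'^Sanesecurity(\.[^., ]*)*\.'             => 0.1   ],
  [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1   ],
  [ qr'-SecuriteInfo\.com(\.|\z)'               => undef ],  # keep as infected
  [ qr'^MBL_'                                   => undef ],  # keep as infected
);

# Assumed semantics: the first regex that matches decides, even if its
# value is undef. Returns (matched?, score).
sub lookup {
    my ($name, $entries) = @_;
    for my $entry (@$entries) {
        my ($re, $score) = @$entry;
        return (1, $score) if $name =~ $re;
    }
    return (0, undef);
}

sub verdict {
    my ($name, $entries) = @_;
    my ($matched, $score) = lookup($name, $entries);
    return 'infected (no entry matched)' unless $matched;
    return defined $score ? "spam score $score" : 'infected (undef entry)';
}

# Constructed signature names, not taken from any real signature database.
my @names = (
    'Sanesecurity.Malware.1234.UNOFFICIAL',
    'Sanesecurity.Spam.5678.UNOFFICIAL',
    'Email.Spam.Gen42-SecuriteInfo.com',
    'Win32.Example-SecuriteInfo.com.UNOFFICIAL',
    'MBL_9012.UNOFFICIAL',
    'Example.Unlisted.Name',
);
printf "%-44s %s\n", $_, verdict($_, \@map) for @names;

# Same entries with the first two swapped: the generic Sanesecurity rule now
# matches first, and the malware signature is scored as spam instead.
my @swapped = @map[1, 0, 2 .. 4];
printf "%-44s %s\n", 'swapped: ' . $names[0], verdict($names[0], \@swapped);
```

With the entries in the page's order the Malware name stays infected; in the swapped order it is reported with spam score 0.1, which is why new entries belong above the generic catch-all patterns.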
20090106
The server at http://www.sanesecurity.com is overloaded and is not serving files. For now it would
be best if we do not try to connect to this server. Download a new script that does not
attempt to grab signatures from SaneSecurity:
cd /usr/sbin
mv UpdateSaneSecurity.sh UpdateSaneSecurity.sh.old
wget http://verchick.com/mecham/public_html/spam/NoUpdateSaneSecurity.sh.txt
mv NoUpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
chmod +x UpdateSaneSecurity.sh
There is a bug in older versions of the /etc/init.d/amavisd-new script (used for
Bayes maintenance). Please repair your copy if necessary.
The command provided to su must be quoted, and specified with su's -c option.
So as an example, this:
su - amavis -- /usr/bin/sa-learn --sync --force-expire >/dev/null
would change to this:
su - amavis -c '/usr/bin/sa-learn --sync --force-expire >/dev/null'
20081102
There have been changes to SaneSecurity. You should download a new script:
cd /usr/sbin
wget http://verchick.com/mecham/public_html/spam/UpdateSaneSecurity.sh.txt
mv UpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
chmod +x UpdateSaneSecurity.sh
UpdateSaneSecurity.sh
Add an entry to suppress logcheck messages:
echo "UpdateSaneSecurity" >>/etc/logcheck/ignore.d.server/amavisd-new
If you are using Amavisd-new 2.5.2 or newer: get a new set of SaneSecurity SA rules:
cd /etc/spamassassin
mv amavis-sanesecurity.cf amavis-sanesecurity.cf.old
wget http://verchick.com/mecham/public_html/spam/amavis-sanesecurity_v2.cf
spamassassin --lint
amavisd-new reload
If you are using Amavisd-new 2.5.2 or newer: add this entry to /etc/amavis/amavisd.conf:
# SaneSecurity stuff
@virus_name_to_spam_score_maps =
(new_RE( # the order matters!
[ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected
[ qr'^Sanesecurity(\.[^., ]*)*\.' => 0.1 ],
[ qr'^Sanesecurity_PhishBar_' => 0 ],
[ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ],
[ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 0.1 ],
[ qr'^MBL_' => undef ], # keep as infected
[ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ],
[ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected
));
# Sanesecurity http://www.sanesecurity.co.uk/
# MSRBL- http://www.msrbl.com/site/contact
# MBL http://www.malware.com.br/index.shtml
# -SecuriteInfo.com http://clamav.securiteinfo.com/malwares.html
20080320
Updated the aide section. We now remove the Debian aide package after we install it. We also
put the spamassassin package on hold so it does not automatically upgrade to the volatile version.
Thanks JP.
20080312
Updated for amavisd-new 2.5.4
20071212
Updated for amavisd-new 2.5.3
20071003
Apply these patches to amavisd-new (2.4.2 to 2.5.2):
cd /usr/sbin
wget http://verchick.com/mecham/public_html/spam/amavisd-new-trim-whitespace.patch.txt
patch amavisd-new <amavisd-new-trim-whitespace.patch.txt
rm amavisd-new-trim-whitespace.patch.txt
wget http://verchick.com/mecham/public_html/spam/amavisd-new-trim-whitespace.patch2.txt
patch amavisd-new <amavisd-new-trim-whitespace.patch2.txt
rm amavisd-new-trim-whitespace.patch2.txt
20070705
scamp.sh script has been replaced, please see:
http://www.freespamfilter.org/forum/viewtopic.php?t=851
Updated from 2.4.5 to 2.5.2
20070517
Security announcement: Please remove zoo and unzoo, then reload amavisd-new:
http://www.amavis.org/security/
20070502
Added etch Volatile source (for clamav) and added a cron job to run razor-admin -discover.
20070413
Made a few edits and corrections now that etch is stable. Added the 'testing' apt source.
20070325
Made mention of other available installation CDs for 64-bit systems. I have not tried them, however.
20070131
Updated for amavisd-new 2.4.5
20061123
Updated for amavisd-new 2.4.4
Added notes on downloading additional ClamAV signatures from sanesecurity.com
Added notes on setting up SARE rules from saupdates.openprotect.com
20061121
Document revised considerably in anticipation of etch becoming stable.
20061013
There are a few patches available for amavisd-new 2.4.3 (only applies to 2.4.3):
cd /usr/local/src/amavisd-new-2.4.3
cp amavisd amavisd-new
wget http://verchick.com/mecham/public_html/spam/mime-patch.txt
wget http://verchick.com/mecham/public_html/spam/header-patch.txt
wget http://verchick.com/mecham/public_html/spam/start-patch.txt
patch amavisd-new <mime-patch.txt
patch amavisd-new <header-patch.txt
patch amavisd-new <start-patch.txt
cp amavisd-new /usr/sbin/amavisd-new
amavisd-new reload
20061006
/usr/sbin/pflogsumm.pl needs to be patched if running Postfix 2.3.x
http://verchick.com/mecham/public_html/spam/pflogsumm-conn-delays-dsn-patch
20061001
Updated for amavisd-new 2.4.3. If you want to upgrade from 2.4.2 to 2.4.3:
http://www.freespamfilter.org/forum/viewtopic.php?t=383
20060917
Made a note about address rewriting and use of receive_override_options=no_address_mappings
Changed the Pyzor section to use a different pyzor server.
20060826
Updated http://verchick.com/mecham/public_html/spam/additional_settings_v2.html
Created a new document: http://verchick.com/mecham/public_html/spam/image_spam.html
20060709
Changed the 'Upgrade the kernel' section to 'Prevent libc6 upgrade problems'
20060701
Due to major changes in the way Debian works (udev is replacing devfs) and the
way the Debian version of amavisd-new works, there have been major revisions
to the document, and it has been renamed spamfilter20060701.html in order to
archive the older version.
20060627
Updated for amavisd-new 2.4.2.
20060617
Made a few notes regarding sa-update.
Removed the BitDefender section. The previous license agreement was ambiguous, but now it
is not. The free version cannot be used on a server.
20060508
Updated for amavisd-new 2.4.1.
20060423
I found that when using the Etch CD, 'dpkg-reconfigure locales' does not change the
system-wide language as it used to, so I show how to do it manually. Also, it
appears it is now necessary to have a UTF-8 locale in addition to the ISO-8859.x
locale we add or Perl will complain.
20060410
We are now using amavisd-new 2.4.0. If you are running Sarge 'stable' as a top priority,
please install Compress::Zlib (Compress-Zlib-1.41.tar.gz) from source (instructions included)
prior to installing amavisd-new version 2.4.0.
This also applies to those who installed version 2.3.2 using the older document and
would simply like to replace the 2.3.2 amavisd-new program with 2.4.0.
The older version of this document (that used amavisd-new 2.3.2) is now in the archives.
Several changes were made to account for peculiarities in the Etch beta 2 CD.
20060409
Added instructions to link vi to vim when installing via an Etch CD.
20060330
If logging is not desired for dccifd, also comment out DCCIFD_LOGDIR="$DCCM_LOGDIR" in dcc_conf.
We manually install Compress::Zlib in order to get a recent version and to enable us to
ignore the Debian dependencies which would unnecessarily upgrade Perl and libc6. Making
this change will allow us to use amavisd-new 2.3.3 or 2.4.0.
20060324
Added notes on repairing GRUB boot record after a disk clone.
20060119
Updated link to new 31r1a Sarge netinst CD.
20060115
I no longer recommend djbdns; I now offer instructions to install bind9.
20060104
A new version of amavisd-new is available in the "testing" branch; however, we are not going to use it.
There is now a true Etch CD available. Seems to work fine.
20051222
In the supplied amavisd.conf I commented out the existing $unix_socketname setting and added:
$unix_socketname = undef;
and also:
$sa_timeout = 60;
20051123
Added instructions in the "Set up security reports" section to disable some logcheck
log reports produced by amavisd-new.
20051115
Revised ClamAV section. We now use Debian Volatile to install ClamAV.
20051022
Noted changes required if using SpamAssassin 3.1.x
20050904
Moved reject_unauth_pipelining from smtpd_data_restrictions, to the end of smtpd_recipient_restrictions,
then removed smtpd_data_restrictions.
20050831
Added notification to admin when a banned file is received: '$banned_admin = "postmaster\@$mydomain";'
20050801
When setting up the transport table, if you want to send to a hostname instead of
an IP address, enclose the hostname in square brackets to avoid mail
loops due to MX lookups (e.g. smtp:[exchange.domain1.com]). The brackets disable MX lookups.
20050718
Replaced the generic /etc/postfix/access file with a more specific /etc/postfix/sender_access file.
20050712
The Postfix Anti-Spam settings have changed. I now recommend:
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
and
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
This enables us to allow certain senders with bogus domains without allowing them to relay through us.
20050628
This is a new (beta) document that uses Debian Sarge/Etch (stable/testing) and amavisd-new 2.3.2
http://verchick.com/mecham/public_html/spam/spamfilter20061118.html