Search found 388 matches

by nicola.piazzi
19 Feb 2021 09:11
Forum: 4.x Bugs
Topic: milter cpu at 100%
Replies: 13
Views: 10421

Re: milter cpu at 100%

Probably i found something

I dont know how this program work but i think that it make a select for all lines containing postfix\/cleanup, and they are 21000

problem is in function doit($input)
it solves putting sleep(10); before the SELECT but obviously i cant know how i do
by nicola.piazzi
19 Feb 2021 08:47
Forum: 4.x Bugs
Topic: milter cpu at 100%
Replies: 13
Views: 10421

Re: milter cpu at 100%

Today same thing
program search a string that at now contains about 21000 recs and do a select
[root@EFA42 log]# grep postfix\/cleanup maillog | wc
21052 224074 3943351

but it do it forever, i lauched same program manually and stays forever
by nicola.piazzi
18 Feb 2021 14:56
Forum: 4.x Bugs
Topic: milter cpu at 100%
Replies: 13
Views: 10421

Re: milter cpu at 100%

with a rapid look to the program seems that it uses some entries from maillog
so is possible that priogram made same thing forever depending on what is in the log

i solved with
logrotate -vf /etc/logrotate.conf

but there is in act a potential bug
by nicola.piazzi
18 Feb 2021 14:37
Forum: 4.x Bugs
Topic: milter cpu at 100%
Replies: 13
Views: 10421

milter cpu at 100%

During work i found that mysqll cpu was at 100% for hours There was same select running forever each time i watch with a different messageid The only way to stop it was to rename program and then kill its pid mv /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php /usr/bin/mailwatch/too...
by nicola.piazzi
18 Feb 2021 07:56
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

no more problems after YARA disabling .....

[root@EFA42 spamassassin]# grep "Denial of Service" /var/log/maillog
Feb 16 10:04:08 EFA42 MailScanner[470406]: Viruses marked as silent: Denial of Service attack in message!
by nicola.piazzi
18 Feb 2021 07:55
Forum: 4.x Bugs
Topic: SPF of DMARC problem
Replies: 3
Views: 2746

Re: SPF of DMARC problem

These are my DMARC spamassassin rules with a workaround for this problem When dmarc pass i give a bonus When dmarc fail i check spf that comes from spamassassin before give a real fail, if it pass i assume that it dont fail header SA_DMARC_NONE Authentication-Results =~ /gruppocomet\.it.+dmarc=none/...
by nicola.piazzi
17 Feb 2021 17:32
Forum: 4.x Bugs
Topic: SPF of DMARC problem
Replies: 3
Views: 2746

Re: SPF of DMARC problem

another solution can be to make postfix generate header with spf check

dnf install pypolicyd-spf
but install fails :
file /usr/bin/spfquery from install of python3-pyspf-2.0.14-8.el8.noarch conflicts with file from package perl-Mail-SPF-Query-1.999.1-1.eFa.el8.noarch
by nicola.piazzi
17 Feb 2021 16:11
Forum: 4.x Bugs
Topic: SPF of DMARC problem
Replies: 3
Views: 2746

SPF of DMARC problem

I posted about a dmarc problem and i think to found a real bug in opendmarc Opendmarc reads opendkim results from header and initially i have not verified it, If i dont make a verify, opendkim can only use spf results to validate, but in header i have no spf results So i put SPFSelfValidate true In ...
by nicola.piazzi
17 Feb 2021 10:25
Forum: 4.x Bugs
Topic: dmarc fail on paypal
Replies: 3
Views: 2631

Re: dmarc fail on paypal

probably solved using Mode sv in opendkim.conf
by nicola.piazzi
17 Feb 2021 10:10
Forum: 4.x Bugs
Topic: dmarc fail on paypal
Replies: 3
Views: 2631

Re: dmarc fail on paypal

If i put directive SPFSelfValidate true A new line appear, it tell that opendmarc made itself spf test Authentication-Results: EFA42.gruppocomet.it; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: EFA42.gruppocomet.it; spf=pass smtp.mailfrom=uta.fac@gmail.com so dmarc pass...
by nicola.piazzi
17 Feb 2021 09:55
Forum: 4.x Bugs
Topic: dmarc fail on paypal
Replies: 3
Views: 2631

dmarc fail on paypal

I have a lot of dmarc failed also if they are ok in dkim and spf, here an example -0.20 DKIM_VALID Message has at least one valid DKIM or DK signature -0.30 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.20 DKIM_VALID_EF Message has a valid DKIM or DK signature from e...
by nicola.piazzi
17 Feb 2021 07:33
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

with enable_yararules="yes" i got a "Viruses marked as silent: Denial of Service attack in message!" yesterday with enable_yararules="no" i have no more messages for 24h i think that problem is yara but i dont know what yara database is involved, These are yaras rmoved ...
by nicola.piazzi
16 Feb 2021 14:58
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

I put enable_yararules="no" 6 hours ago and i have no more denyes
6 hours are not enough but i am confident that can be yara problem

consider that when it give the problem cpu of clam goes at more than 100%
by nicola.piazzi
16 Feb 2021 09:37
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

I get this morning : Feb 16 10:04:08 EFA42 MailScanner[470406]: Viruses marked as silent: Denial of Service attack in message! Now i try disabling yara rules that i suspect and wait .... enable_yararules="no" /usr/sbin/clamav-unofficial-sigs.sh Removing unused file: /var/lib/clamav-unoffic...
by nicola.piazzi
15 Feb 2021 16:22
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

I still have NO problem (grep "Denial of Service" /var/log/maillog at 0) I au using databases from this full default list -rw-r--r-- 1 clamupdate clamupdate 98869 Feb 9 08:47 badmacro.ndb -rw-r--r-- 1 clamupdate clamupdate 476644 Feb 14 21:08 blurl.ndb -rw-r--r--. 1 clamupdate clamupdate 3...
by nicola.piazzi
15 Feb 2021 08:28
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

To find problem we can use grep "Denial of Service" /var/log/maillog Now my log is clean of there errors becouse i used no unofficial for this weekend Now i started with a limited sets of unofficial db and monitor for error to find offending db using my traffic this is my forst test packag...
by nicola.piazzi
11 Feb 2021 07:35
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

Yesterday i put in /etc/clamd.d/scan.conf OfficialDatabaseOnly yes this is log today 11/02 at 08.27 and after this no more problem [root@EFA42 batch]# grep "Denial of Service" /var/log/maillog Feb 9 17:33:36 EFA42 MailScanner[131547]: Viruses marked as silent: Denial of Service attack in m...
by nicola.piazzi
10 Feb 2021 14:58
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

is very difficoult to do, i can try
by nicola.piazzi
10 Feb 2021 13:32
Forum: 4.x Bugs
Topic: Virus Scanning: Denial Of Service attack detected!
Replies: 40
Views: 44434

Re: Virus Scanning: Denial Of Service attack detected!

I also have that problem, sigh
by nicola.piazzi
09 Feb 2021 16:17
Forum: How-to
Topic: my 5 plugins 1/2
Replies: 2
Views: 1607

my 5 plugins 2/2

sadwl Is a SpamAssassin Plugin that record into a table domain info about envdomain, domain and reverse domain, So using a database browser under pc you can assign a bonus or penality score dinamcally ow Is a SpamAssassin Plugin that build a database WhiteList using data from email that your intern...
by nicola.piazzi
09 Feb 2021 16:16
Forum: How-to
Topic: my 5 plugins 1/2
Replies: 2
Views: 1607

my 5 plugins 1/2

Here 5 plugins that i made and that i use in my installation from years, they are tested and in use under efa4 mxpf Mxpf help to hit some non spoofed email for domains that doesnt have SPF or DKIM configured It compare the C mask of sender ip with C mask of all mx records of domain asnpf Asnpf help ...
by nicola.piazzi
09 Feb 2021 15:56
Forum: How-to
Topic: SecuriteInfo patterns for CLAM
Replies: 0
Views: 2979

SecuriteInfo patterns for CLAM

Into /etc/freshclam.conf i put patterns from https://www.securiteinfo.com/
It need a registrstion but they consent free daily download
It have large pattern files as you can see in few days it give a great enhance in detection
Cattura.PNG
Cattura.PNG (33.73 KiB) Viewed 2978 times
by nicola.piazzi
09 Feb 2021 07:36
Forum: Discussion
Topic: bayes discard messages
Replies: 10
Views: 3705

Re: bayes discard messages

Cattura.PNG
Cattura.PNG (8.91 KiB) Viewed 3609 times
also with bayes_auto_learn_threshold_spam 6.00 it takes only over 12
by nicola.piazzi
09 Feb 2021 07:29
Forum: Discussion
Topic: bayes discard messages
Replies: 10
Views: 3705

Re: bayes discard messages

did you mean that if i put 5 it is invalid and it stays at 12 ?
by nicola.piazzi
08 Feb 2021 10:18
Forum: 4.x Bugs
Topic: reboot slow after configure
Replies: 5
Views: 2089

Re: reboot slow after configure

I found that the problem start only when a system is loaded with messages incoming,
it takes 2 minutes and at the end i can see dracut killing remaining processes
In a system with low traffic it doesnt occur it occurs only when i turn dns to use system