SpamBlocker 4.3.0, BlockCracking, Easy Spam Figther, and new exim.pl

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
What about re-create once erased with the remote nameservers?
I did.

Warning: If you do delete and re-add zones for existing domains, it only creates the default A/MX/etc records, nothing extra like any sub-domains or IPv6's... And as you are unable to rewrite the zones, you are basically stuffed if you rely on local DNS?
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Sorry, but are you using external dns or not? If not, so that may ruins things yes, but as far as i understood you're using external DNS and want DA to check the external one instead the local for specific domains, am i wrong?

Regards
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
Sorry, but are you using external dns or not? If not, so that may ruins things yes, but as far as i understood you're using external DNS and want DA to check the external one instead the local for specific domains, am i wrong?
Yes I am using an external DNS, I thought I'd warn people if they (mistakenly) delete an existing domain DNS then re-add the zone, it'll be a nightmare if they had loads of sub-domains, IPv6's, custom records, etc..... That's all.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Ok that's actually strange.. could you please test another thing?

Remove the domain and re-add it with different (external) IP, and check if Local Data become "no"

Regards
 

jca

Verified User
Joined
Oct 31, 2006
Messages
231
Location
Allen, TX
Hello,

I'm having a problem with ClamAV trying to send a big email (around 25MB).

2015-05-27 11:48:51 1YxdZY-0000vy-I3 malware acl condition: clamd: unable to send file body to socket (127.0.0.1)
2015-05-27 11:48:51 1YxdZY-0000vy-I3 H=localhost (www.example.com) [127.0.0.1] F=<jca@example.com> A=login:jca@example.com temporarily rejected after DATA

It looks like ClamAV is exiting because of the amount of data. I tried searching and seems like some people had this problem before but didn't find any solution. I guess either ClamAV should be modifies to scan bigger files or make a condition to skip bigger than certain size attachments. Any ideas?

Thanks

Jose
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
You can set those limit in /etc/clamd.conf

# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M

# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M


But actually it does look strange that error... it only do that with big email?

Regards
 

jca

Verified User
Joined
Oct 31, 2006
Messages
231
Location
Allen, TX
Yes only big emails are failing (around 30MB, I made a modification in exim config to allow up to 50MB mails) I have no problem with small emails.

I made the modifications to /etc/clamd.conf:

MaxScanSize 150M
MaxFileSize 70M

Just to be sure. I restarted Clamd and tried sending the email again with the same error.

The email I have problems with has a total of 11 attachments with a total of 23.3MB. (Files are from 1MB to 5MB each)

Any ideas what the problem might be?
 
Last edited:

jca

Verified User
Joined
Oct 31, 2006
Messages
231
Location
Allen, TX
Found the problem.

I had to change the following configuration on ClamAV:

Code:
#StreamMaxLength 20M
to:

Code:
StreamMaxLength 70M
To find this, I had to enable ClamAV log and send a test email, which logged:

Code:
WARNING: INSTREAM: Size limit reached, (requested: 30510096, max: 26214400)
Hope this helps somebody else!
 

Barend

New member
Joined
May 31, 2015
Messages
2
How to test if it's working?

Hello,

I have installed Costombuild 2.0, and recompiled everything (./build all d) in order to have my incomming and outgoing mail scanned.
I hope to achieve that forwarded messages will also get scanned.

How do I test if it works? Is there a logfile to see what messages have been filtered?

This is the mail-part of my CB20 config:
#Mail Settings
exim=yes
eximconf=yes
eximconf_release=4.3
blockcracking=yes
easy_spam_fighter=yes
spamassassin=yes
dovecot=yes
dovecot_conf=yes
pigeonhole=no

Any help will be greatly appreciated!

regards,

Barend
 

nealdxmhost

Verified User
Joined
Jan 1, 2009
Messages
234
Location
Los Angeles CA
This might sound crazy but when I tried upgrading to this version on one of the servers I am running I started getting complaints from a couple of clients that the amount of inbound spam they got became WORSE.

Needless to say I am beginning to wonder what I might have missed or overlooked or goofed on.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
One of the fixes was to use 127.0.0.1 as your DNS resolver, use local or your upstream's default - most RBL frown upon the use of Google/OpenDNS
 
Top