I could use some help with the proper ACLs for the above items... I
have some given to me but I'm not sure they are correct or functioning
at all in terms of virus checking. Here is my setup:
Exim 4.60
Spamassassin 3.1
Sophie 3.05
Sophos (Latest rev - yes, licensed and running fine with Exim 3.36)
All have been built correctly (they run at least :))
I've supplied my exim.conf, and both sophie confs here as well.
Can someone take a look and let me know what I'm missing as I'm having
two largeish problems:
1) spamd is timing out a lot (almost every message), so we're doing
little or no spam filtering. Here are log snippets from both Exim
3.36 and 4.6 running SA 3.1:
When I run exim 3.36 and SA 3.1:
Jan 7 17:19:13 eagle spamd[3111]: spamd: connection from localhost [127.0.0.1] at port 46278
Jan 7 17:19:13 eagle spamd[3111]: spamd: processing message <001101c60f1c$66c0f360$0200a8c0@pc> for mail:561
Jan 7 17:19:16 eagle spamd[3112]: spamd: connection from localhost [127.0.0.1] at port 46279
Jan 7 17:19:17 eagle spamd[3112]: spamd: processing message <960z110q.7492479@68.248.203.41> for mail:561
Jan 7 17:20:02 eagle spamd[4566]: spamd: identified spam (12.6/5.0) for mail:561 in 108.3 seconds, 2889 bytes.
Jan 7 17:20:02 eagle spamd[4566]: spamd: result: Y 12 - ADVANCE_FEE_1,ADVANCE_FEE_2,BAYES_00,DATE_IN_FUTURE_06_12,DCC_CHECK,FAKE_HELO_MAIL_COM,FORGED_MUA_OUTLOOK,RCVD_NUMERIC_HELO,SUBJ_ALL_CAPS,TO_CC_NONE,URG_BIZ scantime=108.3,size=2889,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=46267,mid=<charlesboy1$196.3.62.4$.43c048dc.8b40c.47f0.6491@???>,bayes=0.00148341614097802,autolearn=no
When I run 4.60 exim and SA 3.1:
2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading from spamd socket: Connection timed out
2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 Warning: ACL "warn" statement skipped: condition test deferred
2006-01-07 00:00:19 1Ev75l-0002qs-UL <= wejuvavqpz@??? H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987 id=DGSEIFRDTQMSETNJUGQFY@yahoo.com
2006-01-07 00:00:19 1Ev75l-0002qs-UL => georgek <georgek@???> R=procmail T=procmail
2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed
2) There is NO Sophie activity of any sort in the logs beyond startup
and shutdown. I'm thinking there should be something...:
Jan 7 14:31:22 eagle sophie[30783]: /usr/local/bin/sophie Placed in the background [PID: 30784]
Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Setting configuration options - please wait...
Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Configuration options set
Jan 7 14:31:30 eagle sophie[30785]: Sophos engine : Sophos engine version 2.32
Jan 7 14:31:30 eagle sophie[30785]: Sophie IDE : Sophos IDE version 4.01 (detects 117045 viruses)
Jan 7 14:31:30 eagle sophie[30785]: SAVI config : /etc/sophie.savi
Jan 7 14:31:30 eagle sophie[30785]: Max processes : 20
Jan 7 14:31:30 eagle sophie[30785]: Socket path : /var/run/sophie
Jan 7 14:31:30 eagle sophie[30785]: Umask : 7
Jan 7 14:31:30 eagle sophie[30785]: PID file : /var/run/sophie.pid
Jan 7 14:31:30 eagle sophie[30785]: Timeout : 300 seconds
Jan 7 14:31:30 eagle sophie[30785]: Running as user : mail
Jan 7 14:31:30 eagle sophie[30785]: Socket group : mail
Jan 7 14:31:30 eagle sophie[30785]: Logname : sophie
Jan 7 14:31:30 eagle sophie[30785]: Log facility : 16 (mail)
Jan 7 14:31:30 eagle sophie[30785]: Log priority : 5 (notice)
Jan 7 14:31:30 eagle sophie[30785]: Error strings? : yes
Jan 7 14:31:30 eagle sophie[30785]: Timestamps? : no
Jan 7 14:31:30 eagle sophie[30785]: Show virus name? : yes
Jan 7 14:31:30 eagle sophie[30785]: Callbacks? : yes
Jan 7 14:31:30 eagle sophie[30785]: limit_classif : 10
Jan 7 14:31:30 eagle sophie[30785]: limit_nextfile : 10000
Jan 7 14:31:30 eagle sophie[30785]: limit_decompr : 1000
Jan 7 14:31:30 eagle sophie[30785]: socket_check : yes
Jan 7 14:31:30 eagle sophie[30785]: Port : 4009
Jan 7 14:31:30 eagle sophie[30785]: Temporary dir : /tmp
Jan 7 14:31:30 eagle sophie[30785]: Sophie version : 3.05
Thank you very much in advance,